summaryrefslogtreecommitdiff
path: root/python/vyos/firewall.py
diff options
context:
space:
mode:
authorNicolas Fort <nicolasfort1988@gmail.com>2023-09-27 17:41:14 +0000
committerNicolas Fort <nicolasfort1988@gmail.com>2023-09-29 08:15:59 -0300
commit2ae3de0848dee0f3da28727fc30e2beeecd412e1 (patch)
tree392ef2d2f7e5c94bb666a7efb80fdee61380b23e /python/vyos/firewall.py
parent400df973d3518e9f18cb84b52ca89e08a399e461 (diff)
downloadvyos-1x-2ae3de0848dee0f3da28727fc30e2beeecd412e1.tar.gz
vyos-1x-2ae3de0848dee0f3da28727fc30e2beeecd412e1.zip
T5616: firewall: add option to be able to match firewall marks in firewall filter and in policy route.
Diffstat (limited to 'python/vyos/firewall.py')
-rw-r--r--python/vyos/firewall.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 9122e264e..c07ed1adf 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -381,6 +381,14 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
conn_mark_str = ','.join(rule_conf['connection_mark'])
output.append(f'ct mark {{{conn_mark_str}}}')
+ if 'mark' in rule_conf:
+ mark = rule_conf['mark']
+ operator = ''
+ if mark[0] == '!':
+ operator = '!='
+ mark = mark[1:]
+ output.append(f'meta mark {operator} {{{mark}}}')
+
if 'vlan' in rule_conf:
if 'id' in rule_conf['vlan']:
output.append(f'vlan id {rule_conf["vlan"]["id"]}')