authorChristian Poessinger <christian@poessinger.com>2022-06-15 20:03:47 +0200
committerGitHub <noreply@github.com>2022-06-15 20:03:47 +0200
commiteab40258869631b38b4787816c84efb14fc75ad3 (patch)
tree1ba9e60f390495ccab46e00934d5c78f2e52865d /python/vyos/firewall.py
parent609a3abb3d9b60daf0bdd5e3733791d520322802 (diff)
parent7e59b2a3f31edd4793264876d87af725771a222d (diff)
Merge pull request #1361 from sarthurdev/firewall_named
firewall: T4147: Use named sets for firewall groups
Diffstat (limited to 'python/vyos/firewall.py')
-rw-r--r--python/vyos/firewall.py10
1 files changed, 5 insertions, 5 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index a61d0a9f8..7d1278d0e 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -192,7 +192,7 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
if group_name[0] == '!':
operator = '!='
group_name = group_name[1:]
- output.append(f'{ip_name} {prefix}addr {operator} $A{def_suffix}_{group_name}')
+ output.append(f'{ip_name} {prefix}addr {operator} @A{def_suffix}_{group_name}')
# Generate firewall group domain-group
elif 'domain_group' in group:
group_name = group['domain_group']
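Review bot: Named sets are scoped to a single nftables table, unlike the file-wide `$` defines they replace, so `@A{def_suffix}_{group_name}` here (and `@D_`, `@N{def_suffix}_`, `@M_` and `@P_` in the two hunks below) resolves only if the set is declared in the same table as the chain this rule is rendered into. The templates that declare the sets are outside this diff, so that cannot be confirmed from here. `D_`, `M_` and `P_` carry no `def_suffix`, which suggests those sets have to be declared in both the IPv4 and the IPv6 table. I would record the dependency next to the first reference, `# @<set> is table-scoped: the rendering template must declare it in the same table as this rule`. parse_rule starts and ends outside the hunk.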
@@ -200,21 +200,21 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
if group_name[0] == '!':
operator = '!='
group_name = group_name[1:]
- output.append(f'{ip_name} {prefix}addr {operator} @{group_name}')
+ output.append(f'{ip_name} {prefix}addr {operator} @D_{group_name}')
elif 'network_group' in group:
group_name = group['network_group']
operator = ''
if group_name[0] == '!':
operator = '!='
group_name = group_name[1:]
- output.append(f'{ip_name} {prefix}addr {operator} $N{def_suffix}_{group_name}')
+ output.append(f'{ip_name} {prefix}addr {operator} @N{def_suffix}_{group_name}')
if 'mac_group' in group:
group_name = group['mac_group']
operator = ''
if group_name[0] == '!':
operator = '!='
group_name = group_name[1:]
- output.append(f'ether {prefix}addr {operator} $M_{group_name}')
+ output.append(f'ether {prefix}addr {operator} @M_{group_name}')
if 'port_group' in group:
proto = rule_conf['protocol']
group_name = group['port_group']
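Review bot: Once the leading `!` is stripped, `group_name` may be empty, and the new lines then emit a bare `@D_`, `@N{def_suffix}_` or `@M_` (and `@P_` in the last hunk), which presumably fails only when the generated ruleset is loaded. An empty configured name would also make `group_name[0]` raise IndexError. The name is interpolated verbatim into the rule text, so it is worth confirming that the CLI validators, which are not visible here, restrict it to characters valid in an nft set identifier. If they do not, a guard right after each name is read keeps the failure at config time, e.g. `if not group_name.lstrip('!'): raise ValueError(f'empty group name in rule {rule_id}')`, using whatever config error type the project normally raises. parse_rule starts and ends outside the hunk.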
@@ -227,7 +227,7 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
operator = '!='
group_name = group_name[1:]
- output.append(f'{proto} {prefix}port {operator} $P_{group_name}')
+ output.append(f'{proto} {prefix}port {operator} @P_{group_name}')
if 'log' in rule_conf and rule_conf['log'] == 'enable':
action = rule_conf['action'] if 'action' in rule_conf else 'accept'