author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-06-13 01:45:06 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-06-14 22:57:52 +0200 |
commit | 34db435e7a74ee8509777802e03927de2dd57627 (patch) | |
tree | ffec6668dd4d2f95918ef47f2f8fbbcbb8db4eaa /python/vyos/firewall.py | |
parent | 59526a8adca2922f42778d7563bc0ddc32cfdda8 (diff) | |
firewall: T4147: Use named sets for firewall groups
* Refactor nftables clean-up code
* Adds policy route test for using firewall groups
Diffstat (limited to 'python/vyos/firewall.py')
-rw-r--r-- | python/vyos/firewall.py | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index a61d0a9f8..f8f913944 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -192,7 +192,7 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name): if group_name[0] == '!': operator = '!=' group_name = group_name[1:] - output.append(f'{ip_name} {prefix}addr {operator} $A{def_suffix}_{group_name}') + output.append(f'{ip_name} {prefix}addr {operator} @A{def_suffix}_{group_name}') # Generate firewall group domain-group elif 'domain_group' in group: group_name = group['domain_group'] @@ -207,14 +207,14 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name): if group_name[0] == '!': operator = '!=' group_name = group_name[1:] - output.append(f'{ip_name} {prefix}addr {operator} $N{def_suffix}_{group_name}') + output.append(f'{ip_name} {prefix}addr {operator} @N{def_suffix}_{group_name}') if 'mac_group' in group: group_name = group['mac_group'] operator = '' if group_name[0] == '!': operator = '!=' group_name = group_name[1:] - output.append(f'ether {prefix}addr {operator} $M_{group_name}') + output.append(f'ether {prefix}addr {operator} @M_{group_name}') if 'port_group' in group: proto = rule_conf['protocol'] group_name = group['port_group'] @@ -227,7 +227,7 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name): operator = '!=' group_name = group_name[1:] - output.append(f'{proto} {prefix}port {operator} $P_{group_name}') + output.append(f'{proto} {prefix}port {operator} @P_{group_name}') if 'log' in rule_conf and rule_conf['log'] == 'enable': action = rule_conf['action'] if 'action' in rule_conf else 'accept' |
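Review bot: The new `@A…` reference in the address-group line, and likewise `@N…`, `@M_…` and `@P_…` in the network, MAC and port group lines of the later hunks, carries no comment saying that it now depends on an nftables named set of exactly that name existing in the same table when the rule is loaded. The old `$…` form was a define expanded when the file was parsed, so this is a real change in what the generated rule relies on. I would add one comment above the first of these lines, for example `# @A/@N/@M/@P reference nftables named sets; the set must be declared in the same table as this rule`. It is also worth confirming how a group with no members is rendered, because a `!=` match against a set with no elements matches every packet; where the sets are created is outside this diff, so this may already be handled. parse_rule starts and ends outside all three hunks.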