authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2022-06-13 01:45:06 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2022-06-14 22:57:52 +0200
commit34db435e7a74ee8509777802e03927de2dd57627 (patch)
treeffec6668dd4d2f95918ef47f2f8fbbcbb8db4eaa /python/vyos/firewall.py
parent59526a8adca2922f42778d7563bc0ddc32cfdda8 (diff)
firewall: T4147: Use named sets for firewall groups
* Refactor nftables clean-up code * Adds policy route test for using firewall groups
Diffstat (limited to 'python/vyos/firewall.py')
-rw-r--r--python/vyos/firewall.py8
1 files changed, 4 insertions, 4 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index a61d0a9f8..f8f913944 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -192,7 +192,7 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
if group_name[0] == '!':
operator = '!='
group_name = group_name[1:]
- output.append(f'{ip_name} {prefix}addr {operator} $A{def_suffix}_{group_name}')
+ output.append(f'{ip_name} {prefix}addr {operator} @A{def_suffix}_{group_name}')
# Generate firewall group domain-group
elif 'domain_group' in group:
group_name = group['domain_group']
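Review bot: The `@A{def_suffix}_{group_name}` reference on the added line is looked up by nft inside the table that holds the rule, whereas the `$A…` define it replaces was substituted when the file was parsed, so every table whose chains are built through parse_rule now needs a named set declared under exactly that name and with a matching element type. Those declarations are not part of this file's diff; presumably the templates emit them, but it is worth confirming for the policy-route tables the commit message mentions, since `nft -f` applies a file atomically and a single unresolved set would reject the whole ruleset. A short comment above the append would record the dependency, e.g. `# @A<suffix>_<name> is a named set and must be declared in the same table as this rule`. The same applies to the `@N`, `@M_` and `@P_` references in the later hunks; parse_rule starts and ends outside this hunk.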
@@ -207,14 +207,14 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
if group_name[0] == '!':
operator = '!='
group_name = group_name[1:]
- output.append(f'{ip_name} {prefix}addr {operator} $N{def_suffix}_{group_name}')
+ output.append(f'{ip_name} {prefix}addr {operator} @N{def_suffix}_{group_name}')
if 'mac_group' in group:
group_name = group['mac_group']
operator = ''
if group_name[0] == '!':
operator = '!='
group_name = group_name[1:]
- output.append(f'ether {prefix}addr {operator} $M_{group_name}')
+ output.append(f'ether {prefix}addr {operator} @M_{group_name}')
if 'port_group' in group:
proto = rule_conf['protocol']
group_name = group['port_group']
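Review bot: In the mac_group branch the negation test `group_name[0] == '!'` raises IndexError on an empty name, and a value of just `!` leaves the rule referencing the bare set name `@M_`. The group name is also interpolated into the nft rule text as-is, so this code relies on validation done elsewhere to keep it a plain identifier; that is presumably enforced by the CLI schema, which is not visible here. I would use `if group_name.startswith('!'):` and reject an empty remainder before appending, so a bad name fails in Python rather than at ruleset load. The network-group lines at the top of this hunk and the address-group and port-group hunks use the same pattern; parse_rule's body extends beyond the hunk on both sides.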
@@ -227,7 +227,7 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
operator = '!='
group_name = group_name[1:]
- output.append(f'{proto} {prefix}port {operator} $P_{group_name}')
+ output.append(f'{proto} {prefix}port {operator} @P_{group_name}')
if 'log' in rule_conf and rule_conf['log'] == 'enable':
action = rule_conf['action'] if 'action' in rule_conf else 'accept'