summaryrefslogtreecommitdiff
path: root/python/vyos/firewall.py
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2022-01-15 12:48:48 +0100
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2022-01-17 12:28:12 +0100
commit64668771d5f14fc4b68fff382d166238c164bdde (patch)
tree8138b4ae97d8edaf0ddf227b20cabb5c28af57f2 /python/vyos/firewall.py
parentdf5a862beb84145dfc8434efde7d7fee783199cf (diff)
downloadvyos-1x-64668771d5f14fc4b68fff382d166238c164bdde.tar.gz
vyos-1x-64668771d5f14fc4b68fff382d166238c164bdde.zip
firewall: policy: T4178: Migrate and refactor tcp flags
* Add support for ECN and CWR flags
Diffstat (limited to 'python/vyos/firewall.py')
-rw-r--r--python/vyos/firewall.py10
1 files changed, 2 insertions, 8 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index acde9f913..ad84393df 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -185,14 +185,8 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
return " ".join(output)
def parse_tcp_flags(flags):
- all_flags = []
- include = []
- for flag in flags.split(","):
- if flag[0] == '!':
- flag = flag[1:].lower()
- else:
- include.append(flag.lower())
- all_flags.append(flag.lower())
+ include = [flag for flag in flags if flag != 'not']
+ all_flags = include + [flag for flag in flags['not']] if 'not' in flags else []
return f'tcp flags & ({"|".join(all_flags)}) == {"|".join(include)}'
def parse_time(time):