summaryrefslogtreecommitdiff
path: root/python/vyos/firewall.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-12-17 08:30:18 +0100
committerGitHub <noreply@github.com>2022-12-17 08:30:18 +0100
commit8637b02bb60baf499fc63696c28aa1af3559c308 (patch)
tree9037a1bfa13db97f8b0dd9f4e020beee8dd10f32 /python/vyos/firewall.py
parentd7a67aa4a7e7bb82a60ad18103abc6b966a2f8b8 (diff)
parent9a5dfb4b7ec9e065a73511a38e1713aec03eee0e (diff)
downloadvyos-1x-8637b02bb60baf499fc63696c28aa1af3559c308.tar.gz
vyos-1x-8637b02bb60baf499fc63696c28aa1af3559c308.zip
Merge pull request #1626 from nicolas-fort/fwall_group_interface
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
Diffstat (limited to 'python/vyos/firewall.py')
-rw-r--r--python/vyos/firewall.py16
1 files changed, 12 insertions, 4 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 48263eef5..429c44802 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -236,12 +236,20 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
output.append(f'ip6 hoplimit {operator} {value}')
if 'inbound_interface' in rule_conf:
- iiface = rule_conf['inbound_interface']
- output.append(f'iifname {iiface}')
+ if 'interface_name' in rule_conf['inbound_interface']:
+ iiface = rule_conf['inbound_interface']['interface_name']
+ output.append(f'iifname {{{iiface}}}')
+ else:
+ iiface = rule_conf['inbound_interface']['interface_group']
+ output.append(f'iifname @I_{iiface}')
if 'outbound_interface' in rule_conf:
- oiface = rule_conf['outbound_interface']
- output.append(f'oifname {oiface}')
+ if 'interface_name' in rule_conf['outbound_interface']:
+ oiface = rule_conf['outbound_interface']['interface_name']
+ output.append(f'oifname {{{oiface}}}')
+ else:
+ oiface = rule_conf['outbound_interface']['interface_group']
+ output.append(f'oifname @I_{oiface}')
if 'ttl' in rule_conf:
operators = {'eq': '==', 'gt': '>', 'lt': '<'}