diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-09-30 06:55:35 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-30 06:55:35 +0300 |
commit | 989ff045aa735bc91ae936aca549e101f6f4d9ed (patch) | |
tree | 7ec6a28dde81e8b050c0b914d67718dea4216d2c /python/vyos/firewall.py | |
parent | b37b0fceb4915fa1e563e34b1e3af1040f461d58 (diff) | |
parent | 2ae3de0848dee0f3da28727fc30e2beeecd412e1 (diff) | |
download | vyos-1x-989ff045aa735bc91ae936aca549e101f6f4d9ed.tar.gz vyos-1x-989ff045aa735bc91ae936aca549e101f6f4d9ed.zip |
Merge pull request #2314 from nicolas-fort/T5616
T5616: firewall and policy: add option to be able to match firewall marks
Diffstat (limited to 'python/vyos/firewall.py')
-rw-r--r-- | python/vyos/firewall.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index 9122e264e..c07ed1adf 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -381,6 +381,14 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name): conn_mark_str = ','.join(rule_conf['connection_mark']) output.append(f'ct mark {{{conn_mark_str}}}') + if 'mark' in rule_conf: + mark = rule_conf['mark'] + operator = '' + if mark[0] == '!': + operator = '!=' + mark = mark[1:] + output.append(f'meta mark {operator} {{{mark}}}') + if 'vlan' in rule_conf: if 'id' in rule_conf['vlan']: output.append(f'vlan id {rule_conf["vlan"]["id"]}') |