| author | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-10-28 18:19:47 +0000 | 
|---|---|---|
| committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-11-19 14:31:32 +0000 | 
| commit | 9a5dfb4b7ec9e065a73511a38e1713aec03eee0e (patch) | |
| tree | 6c27d3413c22f14af358fd28994a243b9fcf5633 /python/vyos/firewall.py | |
| parent | a61e1a78fe116bb44fe55be3493de7c4dbe8db97 (diff) | |
T4780: Firewall: add firewall groups in firewall. Extend matching criteria so this new group can be used in inbound and outbound matcher
Diffstat (limited to 'python/vyos/firewall.py')
| -rw-r--r-- | python/vyos/firewall.py | 16 | 
1 files changed, 12 insertions, 4 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 4075e55b0..0e92da8ab 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -249,12 +249,20 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
                 output.append(f'ip6 hoplimit {operator} {value}')
 
     if 'inbound_interface' in rule_conf:
-        iiface = rule_conf['inbound_interface']
-        output.append(f'iifname {iiface}')
+        if 'interface_name' in rule_conf['inbound_interface']:
+            iiface = rule_conf['inbound_interface']['interface_name']
+            output.append(f'iifname {{{iiface}}}')
+        else:
+            iiface = rule_conf['inbound_interface']['interface_group']
+            output.append(f'iifname @I_{iiface}')
 
     if 'outbound_interface' in rule_conf:
-        oiface = rule_conf['outbound_interface']
-        output.append(f'oifname {oiface}')
+        if 'interface_name' in rule_conf['outbound_interface']:
+            oiface = rule_conf['outbound_interface']['interface_name']
+            output.append(f'oifname {{{oiface}}}')
+        else:
+            oiface = rule_conf['outbound_interface']['interface_group']
+            output.append(f'oifname @I_{oiface}')
 
     if 'ttl' in rule_conf:
         operators = {'eq': '==', 'gt': '>', 'lt': '<'}  | 
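Review bot: The `else:` branches under `inbound_interface` and `outbound_interface` index `['interface_group']` unconditionally, so a node that carries neither key raises `KeyError` while the rule is being rendered. A node that carries both keys silently drops the group and emits only the name match, so the generated nftables rule can cover different interfaces than the operator configured. Making the branch explicit with `elif 'interface_group' in rule_conf['inbound_interface']:` (and the same for outbound) would help, with the both-set and neither-set cases rejected in the verify step, which is presumably outside this file. Both values are also interpolated straight into the rule text (`{{{iiface}}}`, `@I_{iiface}`); whether they are constrained to interface and group name characters before reaching `parse_rule` is not visible here and is worth confirming. The body of `parse_rule` starts and ends outside this hunk.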
