author | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-12-19 15:33:59 +0000 |
---|---|---|
committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-12-19 15:33:59 +0000 |
commit | d9c9092dcdc430b26a326345934c4513534bff9b (patch) | |
tree | 0ca393b67a022cba84ec3aee90a3df24e93958b2 /python/vyos/firewall.py | |
parent | d9ab07c3d7d988706cbdfc4fac16f7e2ca264f72 (diff) | |
download | vyos-1x-d9c9092dcdc430b26a326345934c4513534bff9b.tar.gz vyos-1x-d9c9092dcdc430b26a326345934c4513534bff9b.zip |
T4886: Firewall and route policy: Add connection-mark feature to vyos.
Diffstat (limited to 'python/vyos/firewall.py')
-rw-r--r-- | python/vyos/firewall.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 429c44802..b4b9e67bb 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -322,6 +322,10 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
 if tcp_mss:
 output.append(f'tcp option maxseg size {tcp_mss}')
+ if 'connection_mark' in rule_conf:
+ conn_mark_str = ','.join(rule_conf['connection_mark'])
+ output.append(f'ct mark {{{conn_mark_str}}}')
+
 output.append('counter')
 if 'set' in rule_conf:
@@ -368,6 +372,9 @@ def parse_time(time):
 def parse_policy_set(set_conf, def_suffix):
 out = []
+ if 'connection_mark' in set_conf:
+ conn_mark = set_conf['connection_mark']
+ out.append(f'ct mark set {conn_mark}')
 if 'dscp' in set_conf:
 dscp = set_conf['dscp']
 out.append(f'ip{def_suffix} dscp set {dscp}') |
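Review bot: `','.join(rule_conf['connection_mark'])` in the parse_rule hunk assumes the value is always a list; if the config dict ever delivers a single mark as a plain string, the join splits it per character and `255` becomes `ct mark {2,5,5}`, a rule that loads cleanly but matches the wrong connections. Normalising first avoids that: `marks = rule_conf['connection_mark']` followed by `if isinstance(marks, str): marks = [marks]`. The values are also formatted into the nft statement verbatim, here and in the `ct mark set` line of the parse_policy_set hunk, so both depend on input validation that is not visible in this diff. parse_rule starts and ends outside the hunk.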
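Review bot: The new `ct mark set` branch in parse_policy_set has no comment saying that it writes the mark on the conntrack entry rather than on the single packet, which matters to anyone auditing the generated rules because the value then stays with the connection. A one-line comment above the branch would do: `# ct mark is stored on the conntrack entry, so it persists for the rest of the connection`. parse_policy_set continues past the end of the hunk.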