summaryrefslogtreecommitdiff
path: root/python/vyos/firewall.py
diff options
context:
space:
mode:
authorNicolas Fort <nicolasfort1988@gmail.com>2022-12-19 15:33:59 +0000
committerNicolas Fort <nicolasfort1988@gmail.com>2022-12-19 15:33:59 +0000
commitd9c9092dcdc430b26a326345934c4513534bff9b (patch)
tree0ca393b67a022cba84ec3aee90a3df24e93958b2 /python/vyos/firewall.py
parentd9ab07c3d7d988706cbdfc4fac16f7e2ca264f72 (diff)
downloadvyos-1x-d9c9092dcdc430b26a326345934c4513534bff9b.tar.gz
vyos-1x-d9c9092dcdc430b26a326345934c4513534bff9b.zip
T4886: Firewall and route policy: Add connection-mark feature to vyos.
Diffstat (limited to 'python/vyos/firewall.py')
-rw-r--r--python/vyos/firewall.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 429c44802..b4b9e67bb 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -322,6 +322,10 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
if tcp_mss:
output.append(f'tcp option maxseg size {tcp_mss}')
+ if 'connection_mark' in rule_conf:
+ conn_mark_str = ','.join(rule_conf['connection_mark'])
+ output.append(f'ct mark {{{conn_mark_str}}}')
+
output.append('counter')
if 'set' in rule_conf:
@@ -368,6 +372,9 @@ def parse_time(time):
def parse_policy_set(set_conf, def_suffix):
out = []
+ if 'connection_mark' in set_conf:
+ conn_mark = set_conf['connection_mark']
+ out.append(f'ct mark set {conn_mark}')
if 'dscp' in set_conf:
dscp = set_conf['dscp']
out.append(f'ip{def_suffix} dscp set {dscp}')