summaryrefslogtreecommitdiff
path: root/python/vyos/firewall.py
diff options
context:
space:
mode:
authorNicolás Fort <95703796+nicolas-fort@users.noreply.github.com>2024-09-10 03:56:18 -0300
committerGitHub <noreply@github.com>2024-09-10 09:56:18 +0300
commitec3ebe8890c60bbb6f657335c212ac7078dc731c (patch)
treebe7a8cd90f8812991b175b4da209ec063021dc92 /python/vyos/firewall.py
parentb9076dd2e06215659d6a2e3c9e542703dbe79ea3 (diff)
downloadvyos-1x-ec3ebe8890c60bbb6f657335c212ac7078dc731c.tar.gz
vyos-1x-ec3ebe8890c60bbb6f657335c212ac7078dc731c.zip
T6698: firewall: add matcher for vlan type. (#4027)
Diffstat (limited to 'python/vyos/firewall.py')
-rwxr-xr-xpython/vyos/firewall.py13
1 files changed, 13 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index b1978c1fa..64fed8177 100755
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -496,6 +496,19 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
output.append(f'vlan id {rule_conf["vlan"]["id"]}')
if 'priority' in rule_conf['vlan']:
output.append(f'vlan pcp {rule_conf["vlan"]["priority"]}')
+ if 'ethernet_type' in rule_conf['vlan']:
+ ether_type_mapping = {
+ '802.1q': '8021q',
+ '802.1ad': '8021ad',
+ 'ipv6': 'ip6',
+ 'ipv4': 'ip',
+ 'arp': 'arp'
+ }
+ ether_type = rule_conf['vlan']['ethernet_type']
+ operator = '!=' if ether_type.startswith('!') else ''
+ ether_type = ether_type.lstrip('!')
+ ether_type = ether_type_mapping.get(ether_type, ether_type)
+ output.append(f'vlan type {operator} {ether_type}')
if 'log' in rule_conf:
action = rule_conf['action'] if 'action' in rule_conf else 'accept'