diff options
author | Christian Breunig <christian@breunig.cc> | 2024-02-28 20:35:32 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-28 20:35:32 +0100 |
commit | fc96c0150eb632e016d7f2ba8adf32a9940c1e8c (patch) | |
tree | e41c55228643fac1694d87d24183381d45ef4f38 /python/vyos/firewall.py | |
parent | e1644d96a613d02db8cc21ccac6226b53568c5b0 (diff) | |
parent | 6f7d1e15665655e37e8ca830e28d9650445c1217 (diff) | |
download | vyos-1x-fc96c0150eb632e016d7f2ba8adf32a9940c1e8c.tar.gz vyos-1x-fc96c0150eb632e016d7f2ba8adf32a9940c1e8c.zip |
Merge pull request #3055 from sarthurdev/T6073
vrf: conntrack: T6073: Populate VRF zoning chains only while conntrack is required
Diffstat (limited to 'python/vyos/firewall.py')
-rw-r--r-- | python/vyos/firewall.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index eee11bd2d..49e095946 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -34,6 +34,24 @@ from vyos.utils.process import call from vyos.utils.process import cmd from vyos.utils.process import run +# Conntrack + +def conntrack_required(conf): + required_nodes = ['nat', 'nat66', 'load-balancing wan'] + + for path in required_nodes: + if conf.exists(path): + return True + + firewall = conf.get_config_dict(['firewall'], key_mangling=('-', '_'), + no_tag_node_value_mangle=True, get_first_key=True) + + for rules, path in dict_search_recursive(firewall, 'rule'): + if any(('state' in rule_conf or 'connection_status' in rule_conf or 'offload_target' in rule_conf) for rule_conf in rules.values()): + return True + + return False + # Domain Resolver def fqdn_config_parse(firewall): |