summaryrefslogtreecommitdiff
path: root/python/vyos/firewall.py
diff options
context:
space:
mode:
authorNicolas Fort <nicolasfort1988@gmail.com>2024-08-09 14:03:21 +0000
committerNicolas Fort <nicolasfort1988@gmail.com>2024-08-09 14:03:21 +0000
commitff58f3e5f30d3775487a6a3b561863aa37d11d43 (patch)
tree1632953683d33df2a0613dca506305bb341934f0 /python/vyos/firewall.py
parentbe27b8932161b403dfad2551ce791059ff1f3925 (diff)
downloadvyos-1x-ff58f3e5f30d3775487a6a3b561863aa37d11d43.tar.gz
vyos-1x-ff58f3e5f30d3775487a6a3b561863aa37d11d43.zip
T6643: firewall: fix ip address range parsing on firewall rules.
Diffstat (limited to 'python/vyos/firewall.py')
-rwxr-xr-x[-rw-r--r--]python/vyos/firewall.py15
1 files changed, 12 insertions, 3 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 3976a5580..f0cf3c924 100644..100755
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -167,10 +167,19 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
if address_mask:
operator = '!=' if exclude else '=='
operator = f'& {address_mask} {operator} '
- if is_ipv4(suffix):
- output.append(f'ip {prefix}addr {operator}{suffix}')
+
+ if suffix.find('-') != -1:
+ # Range
+ start, end = suffix.split('-')
+ if is_ipv4(start):
+ output.append(f'ip {prefix}addr {operator}{suffix}')
+ else:
+ output.append(f'ip6 {prefix}addr {operator}{suffix}')
else:
- output.append(f'ip6 {prefix}addr {operator}{suffix}')
+ if is_ipv4(suffix):
+ output.append(f'ip {prefix}addr {operator}{suffix}')
+ else:
+ output.append(f'ip6 {prefix}addr {operator}{suffix}')
if 'fqdn' in side_conf:
fqdn = side_conf['fqdn']