authorChristian Poessinger <christian@poessinger.com>2021-12-31 19:34:26 +0100
committerChristian Poessinger <christian@poessinger.com>2021-12-31 19:34:26 +0100
commit0091f6080181cc3836d70589d9a2f4a1c1cb11a8 (patch)
tree7ca1dbc816a2901b11d55c84c967592ed254aa0f /python/vyos/template.py
parentc5f118b3af482813a45c327ece29b5b41fd1ad9c (diff)
parent28b285b4791aece18fe1bbd76f3d555370545006 (diff)
Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into current
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python
Diffstat (limited to 'python/vyos/template.py')
-rw-r--r--python/vyos/template.py41
1 files changed, 41 insertions, 0 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py
index f694b53e0..2987fcd0e 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -22,6 +22,7 @@ from jinja2 import FileSystemLoader
from vyos.defaults import directories
from vyos.util import chmod
from vyos.util import chown
+from vyos.util import dict_search_args
from vyos.util import makedir
# Holds template filters registered via register_filter()
@@ -503,3 +504,43 @@ def snmp_auth_oid(type):
'none': '.1.3.6.1.6.3.10.1.2.1'
}
return OIDs[type]
+
+@register_filter('nft_action')
+def nft_action(vyos_action):
+ if vyos_action == 'accept':
+ return 'return'
+ return vyos_action
+
+@register_filter('nft_rule')
+def nft_rule(rule_conf, fw_name, rule_id, ip_name='ip'):
+ from vyos.firewall import parse_rule
+ return parse_rule(rule_conf, fw_name, rule_id, ip_name)
+
+@register_filter('nft_state_policy')
+def nft_state_policy(conf, state):
+ out = [f'ct state {state}']
+
+ if 'log' in conf and 'enable' in conf['log']:
+ out.append('log')
+
+ out.append('counter')
+
+ if 'action' in conf:
+ out.append(conf['action'])
+
+ return " ".join(out)
+
+@register_filter('nft_intra_zone_action')
+def nft_intra_zone_action(zone_conf, ipv6=False):
+ if 'intra_zone_filtering' in zone_conf:
+ intra_zone = zone_conf['intra_zone_filtering']
+ fw_name = 'ipv6_name' if ipv6 else 'name'
+
+ if 'action' in intra_zone:
+ if intra_zone['action'] == 'accept':
+ return 'return'
+ return intra_zone['action']
+ elif dict_search_args(intra_zone, 'firewall', fw_name):
+ name = dict_search_args(intra_zone, 'firewall', fw_name)
+ return f'jump {name}'
+ return 'return'
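Review bot: `nft_state_policy` and `nft_intra_zone_action` write configuration values verbatim into nftables rule text (`f'ct state {state}'`, `out.append(conf['action'])`, `f'jump {name}'`), and nothing in this hunk restricts them to a known set. These values are presumably constrained by the CLI schema before they reach the templates, but that is not visible here. Each filter should either say so in a docstring, e.g. `# emitted verbatim into the ruleset; must already be validated by the config schema`, or check the value against the allowed set and raise on anything else. Separately, `nft_state_policy` appends `conf['action']` unchanged while `nft_action` and `nft_intra_zone_action` both map `'accept'` to `'return'`; confirm the difference is intended for the chain the state-policy rules are rendered into, and if it is not, reuse `nft_action(conf['action'])`. As a style point, `nft_intra_zone_action` calls `dict_search_args(intra_zone, 'firewall', fw_name)` twice; assign it to `name` once and test `if name:`.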