summaryrefslogtreecommitdiff
path: root/python/vyos
diff options
context:
space:
mode:
authorChristian Poessinger <christian.poessinger@rohde-schwarz.com>2022-01-04 05:11:52 +0100
committerGitHub <noreply@github.com>2022-01-04 05:11:52 +0100
commit993b87458456bc6fcbe5aa7fbc7c0c31580032ce (patch)
treec9ee8b805606ea2b57d7cb6ce13d884d91df2799 /python/vyos
parent5a73c946000902f6e445b0803ca090f7fc6e0954 (diff)
parent9213d9cc7bcd731baaf606fcdc956764482f45e9 (diff)
downloadvyos-1x-993b87458456bc6fcbe5aa7fbc7c0c31580032ce.tar.gz
vyos-1x-993b87458456bc6fcbe5aa7fbc7c0c31580032ce.zip
Merge pull request #1130 from sarthurdev/firewall
firewall: T4130: Fix firewall state-policy errors
Diffstat (limited to 'python/vyos')
-rw-r--r--python/vyos/template.py8
1 files changed, 6 insertions, 2 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 2987fcd0e..7671bf377 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -517,7 +517,7 @@ def nft_rule(rule_conf, fw_name, rule_id, ip_name='ip'):
return parse_rule(rule_conf, fw_name, rule_id, ip_name)
@register_filter('nft_state_policy')
-def nft_state_policy(conf, state):
+def nft_state_policy(conf, state, ipv6=False):
out = [f'ct state {state}']
if 'log' in conf and 'enable' in conf['log']:
@@ -526,7 +526,11 @@ def nft_state_policy(conf, state):
out.append('counter')
if 'action' in conf:
- out.append(conf['action'])
+ if conf['action'] == 'accept':
+ jump_target = 'VYOS_POST_FW6' if ipv6 else 'VYOS_POST_FW'
+ out.append(f'jump {jump_target}')
+ else:
+ out.append(conf['action'])
return " ".join(out)