summaryrefslogtreecommitdiff
path: root/python/vyos
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-08-23 18:19:19 +0200
committerGitHub <noreply@github.com>2023-08-23 18:19:19 +0200
commitb88b11ee73601155a485956be80971a697a7f4d6 (patch)
tree92ca66f39d8a56fad5d834cdaa839311f82643ca /python/vyos
parent8c7fbec24f8bfe064d8ad804951f5ae59b54748f (diff)
parent524b517c53d18b0b50e7ddc83da4baec63172bb8 (diff)
downloadvyos-1x-b88b11ee73601155a485956be80971a697a7f4d6.tar.gz
vyos-1x-b88b11ee73601155a485956be80971a697a7f4d6.zip
Merge pull request #2142 from nicolas-fort/T5450
T5450: allow inverted matcher for interface and interface-group
Diffstat (limited to 'python/vyos')
-rw-r--r--python/vyos/firewall.py22
1 files changed, 18 insertions, 4 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 4aa509fe2..53ff8259e 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -272,20 +272,34 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
output.append(f'ip6 hoplimit {operator} {value}')
if 'inbound_interface' in rule_conf:
+ operator = ''
if 'interface_name' in rule_conf['inbound_interface']:
iiface = rule_conf['inbound_interface']['interface_name']
- output.append(f'iifname {{{iiface}}}')
+ if iiface[0] == '!':
+ operator = '!='
+ iiface = iiface[1:]
+ output.append(f'iifname {operator} {{{iiface}}}')
else:
iiface = rule_conf['inbound_interface']['interface_group']
- output.append(f'iifname @I_{iiface}')
+ if iiface[0] == '!':
+ operator = '!='
+ iiface = iiface[1:]
+ output.append(f'iifname {operator} @I_{iiface}')
if 'outbound_interface' in rule_conf:
+ operator = ''
if 'interface_name' in rule_conf['outbound_interface']:
oiface = rule_conf['outbound_interface']['interface_name']
- output.append(f'oifname {{{oiface}}}')
+ if oiface[0] == '!':
+ operator = '!='
+ oiface = oiface[1:]
+ output.append(f'oifname {operator} {{{oiface}}}')
else:
oiface = rule_conf['outbound_interface']['interface_group']
- output.append(f'oifname @I_{oiface}')
+ if oiface[0] == '!':
+ operator = '!='
+ oiface = oiface[1:]
+ output.append(f'oifname {operator} @I_{oiface}')
if 'ttl' in rule_conf:
operators = {'eq': '==', 'gt': '>', 'lt': '<'}