diff options
author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-09-18 20:24:22 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-09-18 20:26:51 +0200 |
commit | fb3ef9af5e394aa25692003fb3c185bfedefe3cb (patch) | |
tree | 377a5dd42a9bc0b4c1ee4c3e0670c1cf733f3731 /python/vyos | |
parent | 4c9c2e372aa57aba298915d5d2702ebaf0b7db91 (diff) | |
download | vyos-1x-fb3ef9af5e394aa25692003fb3c185bfedefe3cb.tar.gz vyos-1x-fb3ef9af5e394aa25692003fb3c185bfedefe3cb.zip |
conntrack: T5217: Add tcp flag matching to `system conntrack ignore`
- Moves MSS node out of `tcp-flags.xml.i` and into `tcp-mss.xml.i`
- Update smoketest to verify TCP flag matching
Diffstat (limited to 'python/vyos')
-rw-r--r-- | python/vyos/template.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py index add4d3ce5..3be486cc4 100644 --- a/python/vyos/template.py +++ b/python/vyos/template.py @@ -678,6 +678,11 @@ def conntrack_ignore_rule(rule_conf, rule_id, ipv6=False): proto = rule_conf['protocol'] output.append(f'meta l4proto {proto}') + tcp_flags = dict_search_args(rule_conf, 'tcp', 'flags') + if tcp_flags: + from vyos.firewall import parse_tcp_flags + output.append(parse_tcp_flags(tcp_flags)) + for side in ['source', 'destination']: if side in rule_conf: side_conf = rule_conf[side] |