diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-12-19 19:32:45 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-19 19:32:45 +0100 |
| commit | 71d2c583e3b8331e877bbb2f364b6da5c0a587a0 (patch) | |
| tree | 41069c9cf16f53091ee13812aed97cf3f2194ff0 /python/vyos | |
| parent | c4097097487467300a0a63c8a75f670dc0429f7c (diff) | |
| parent | d9c9092dcdc430b26a326345934c4513534bff9b (diff) | |
| download | vyos-1x-71d2c583e3b8331e877bbb2f364b6da5c0a587a0.tar.gz vyos-1x-71d2c583e3b8331e877bbb2f364b6da5c0a587a0.zip | |
Merge pull request #1718 from nicolas-fort/T4886_conn_mark
T4886: Firewall and route policy: Add connection-mark feature to vyos.
Diffstat (limited to 'python/vyos')
| -rw-r--r-- | python/vyos/firewall.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index 429c44802..b4b9e67bb 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -322,6 +322,10 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name): if tcp_mss: output.append(f'tcp option maxseg size {tcp_mss}') + if 'connection_mark' in rule_conf: + conn_mark_str = ','.join(rule_conf['connection_mark']) + output.append(f'ct mark {{{conn_mark_str}}}') + output.append('counter') if 'set' in rule_conf: @@ -368,6 +372,9 @@ def parse_time(time): def parse_policy_set(set_conf, def_suffix): out = [] + if 'connection_mark' in set_conf: + conn_mark = set_conf['connection_mark'] + out.append(f'ct mark set {conn_mark}') if 'dscp' in set_conf: dscp = set_conf['dscp'] out.append(f'ip{def_suffix} dscp set {dscp}') |