summaryrefslogtreecommitdiff
path: root/python/vyos
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-09-02 07:41:32 +0200
committerChristian Poessinger <christian@poessinger.com>2022-09-02 06:21:32 +0200
commit96302a27db8e9aaad3f2c1a81457c5e8e048dd4b (patch)
tree06c63cba1e38428ebd110685f9ff511ebce22282 /python/vyos
parent735767f09f891c438e43565f935b927e6f1b317d (diff)
parent312ee15058fbb26feb6a93520417f0d5343ad15b (diff)
downloadvyos-1x-96302a27db8e9aaad3f2c1a81457c5e8e048dd4b.tar.gz
vyos-1x-96302a27db8e9aaad3f2c1a81457c5e8e048dd4b.zip
Merge branch 'T4651' of https://github.com/nicolas-fort/vyos-1x into firewall
* 'T4651' of https://github.com/nicolas-fort/vyos-1x: Firewall: T4651: Change proposed cli from ip-length to packet-length Firewall: T4651: Add options to match packet size on firewall rules.
Diffstat (limited to 'python/vyos')
-rw-r--r--python/vyos/firewall.py23
1 files changed, 23 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 663c4394a..ea28aa91d 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -265,6 +265,29 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
if 'type' in rule_conf[icmp]:
output.append(icmp + ' type ' + rule_conf[icmp]['type'])
+
+ if 'packet_length' in rule_conf:
+ #proto = rule_conf['protocol']
+ length = rule_conf['packet_length'].split(',')
+
+ lengths = []
+ negated_lengths = []
+
+ for p in length:
+ if p[0] == '!':
+ negated_lengths.append(p[1:])
+ else:
+ lengths.append(p)
+
+ if lengths:
+ lengths_str = ','.join(lengths)
+ output.append(f'ip{def_suffix} length {{{lengths_str}}}')
+
+ if negated_lengths:
+ negated_lengths_str = ','.join(negated_lengths)
+ output.append(f'ip{def_suffix} length != {{{negated_lengths_str}}}')
+
+
if 'ipsec' in rule_conf:
if 'match_ipsec' in rule_conf['ipsec']:
output.append('meta ipsec == 1')