diff options
author | Daniil Baturin <daniil@vyos.io> | 2024-09-02 12:01:50 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-09-02 12:01:50 +0100 |
commit | c78c5bd7e65b19e0e50ef6944dc74fb33660ff71 (patch) | |
tree | 8662a3ade15426575ed0280902b566c2b4c204a2 /python/vyos | |
parent | 497863bb45cf9a20ce9e055c8b09f31c75754941 (diff) | |
parent | 8e0e1a99e5510c7575ab8a09145d6b4354692d55 (diff) | |
download | vyos-1x-c78c5bd7e65b19e0e50ef6944dc74fb33660ff71.tar.gz vyos-1x-c78c5bd7e65b19e0e50ef6944dc74fb33660ff71.zip |
Merge pull request #4018 from nicolas-fort/T6647
T6647: firewall. Introduce patch for accepting invalid ARP and DHCP
Diffstat (limited to 'python/vyos')
-rwxr-xr-x | python/vyos/firewall.py | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index f0cf3c924..b1978c1fa 100755 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -151,6 +151,20 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name): proto = '{tcp, udp}' output.append(f'meta l4proto {operator} {proto}') + if 'ethernet_type' in rule_conf: + ether_type_mapping = { + '802.1q': '8021q', + '802.1ad': '8021ad', + 'ipv6': 'ip6', + 'ipv4': 'ip', + 'arp': 'arp' + } + ether_type = rule_conf['ethernet_type'] + operator = '!=' if ether_type.startswith('!') else '' + ether_type = ether_type.lstrip('!') + ether_type = ether_type_mapping.get(ether_type, ether_type) + output.append(f'ether type {operator} {ether_type}') + for side in ['destination', 'source']: if side in rule_conf: prefix = side[0] |