authorDaniil Baturin <daniil@vyos.io>2024-09-02 12:01:50 +0100
committerGitHub <noreply@github.com>2024-09-02 12:01:50 +0100
commitc78c5bd7e65b19e0e50ef6944dc74fb33660ff71 (patch)
tree8662a3ade15426575ed0280902b566c2b4c204a2 /python/vyos
parent497863bb45cf9a20ce9e055c8b09f31c75754941 (diff)
parent8e0e1a99e5510c7575ab8a09145d6b4354692d55 (diff)
Merge pull request #4018 from nicolas-fort/T6647
T6647: firewall. Introduce patch for accepting invalid ARP and DHCP
Diffstat (limited to 'python/vyos')
-rwxr-xr-xpython/vyos/firewall.py14
1 files changed, 14 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index f0cf3c924..b1978c1fa 100755
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -151,6 +151,20 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
proto = '{tcp, udp}'
output.append(f'meta l4proto {operator} {proto}')
+ if 'ethernet_type' in rule_conf:
+ ether_type_mapping = {
+ '802.1q': '8021q',
+ '802.1ad': '8021ad',
+ 'ipv6': 'ip6',
+ 'ipv4': 'ip',
+ 'arp': 'arp'
+ }
+ ether_type = rule_conf['ethernet_type']
+ operator = '!=' if ether_type.startswith('!') else ''
+ ether_type = ether_type.lstrip('!')
+ ether_type = ether_type_mapping.get(ether_type, ether_type)
+ output.append(f'ether type {operator} {ether_type}')
+
for side in ['destination', 'source']:
if side in rule_conf:
prefix = side[0]
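Review bot: The fallback in `ether_type_mapping.get(ether_type, ether_type)` copies any value that is not a key of the mapping verbatim into the generated `ether type ...` rule text, so the block relies entirely on `ethernet_type` having been validated before it reaches parse_rule (presumably by the CLI definition, which is not visible in this hunk). Making that trust boundary explicit would help the next maintainer, for example with a comment such as `# unmapped values pass through unchanged; the CLI schema must restrict ethernet_type`, or by raising on an unknown key instead of passing it through. Separately, `ether_type.lstrip('!')` strips every leading `!`, so `!!arp` is silently treated like `!arp`; `ether_type = ether_type[1:] if ether_type.startswith('!') else ether_type` removes only the single negation marker. parse_rule starts and ends outside the hunk, so any handling elsewhere in the function cannot be confirmed from here.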