summaryrefslogtreecommitdiff
path: root/python
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-04-02 18:50:42 +0200
committerGitHub <noreply@github.com>2024-04-02 18:50:42 +0200
commit92be9ee46943f38648daeb75da729a460daea9c9 (patch)
treeb6ca67716ab8e6716f56d42557adc5b55a92cd80 /python
parent0cb21915164551b3d2eaab79ed6339184957c326 (diff)
parent33b031cc9005e51129719ff42d70bf50fb7f14e1 (diff)
downloadvyos-1x-92be9ee46943f38648daeb75da729a460daea9c9.tar.gz
vyos-1x-92be9ee46943f38648daeb75da729a460daea9c9.zip
Merge pull request #3234 from vyos/mergify/bp/sagitta/pr-3230
firewall: nat: policy: vrf: nft call syntax and import cleanup (backport #3230)
Diffstat (limited to 'python')
-rw-r--r--python/vyos/firewall.py6
-rw-r--r--python/vyos/ifconfig/interface.py2
2 files changed, 4 insertions, 4 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index e70b4f0d9..e29aeb0c6 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -66,7 +66,7 @@ def fqdn_config_parse(firewall):
rule = path[4]
suffix = path[5][0]
set_name = f'{hook_name}_{priority}_{rule}_{suffix}'
-
+
if (path[0] == 'ipv4') and (path[1] == 'forward' or path[1] == 'input' or path[1] == 'output' or path[1] == 'name'):
firewall['ip_fqdn'][set_name] = domain
elif (path[0] == 'ipv6') and (path[1] == 'forward' or path[1] == 'input' or path[1] == 'output' or path[1] == 'name'):
@@ -85,7 +85,7 @@ def fqdn_resolve(fqdn, ipv6=False):
def find_nftables_rule(table, chain, rule_matches=[]):
# Find rule in table/chain that matches all criteria and return the handle
- results = cmd(f'sudo nft -a list chain {table} {chain}').split("\n")
+ results = cmd(f'sudo nft --handle list chain {table} {chain}').split("\n")
for line in results:
if all(rule_match in line for rule_match in rule_matches):
handle_search = re.search('handle (\d+)', line)
@@ -655,7 +655,7 @@ def geoip_update(firewall, force=False):
'ipv6_sets': ipv6_sets
})
- result = run(f'nft -f {nftables_geoip_conf}')
+ result = run(f'nft --file {nftables_geoip_conf}')
if result != 0:
print('Error: GeoIP failed to update firewall')
return False
diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
index 430a8dfc3..b159b2367 100644
--- a/python/vyos/ifconfig/interface.py
+++ b/python/vyos/ifconfig/interface.py
@@ -400,7 +400,7 @@ class Interface(Control):
else:
nft_del_element = f'delete element inet vrf_zones ct_iface_map {{ "{self.ifname}" }}'
# Check if deleting is possible first to avoid raising errors
- _, err = self._popen(f'nft -c {nft_del_element}')
+ _, err = self._popen(f'nft --check {nft_del_element}')
if not err:
# Remove map element
self._cmd(f'nft {nft_del_element}')