authorChristian Breunig <christian@breunig.cc>2024-08-12 12:04:03 +0200
committerGitHub <noreply@github.com>2024-08-12 12:04:03 +0200
commite1d5cb8b56a6b103afa7326d94291e64bd2eba47 (patch)
tree04941f289854c430c58dfd57c2739443e39cdad3 /python
parent44a50ed2915371f4e967cf49768e0dd827a48018 (diff)
parentef7e8cbcdf213d04e838c89711b2f2aeb182b311 (diff)
Merge pull request #3967 from vyos/mergify/bp/sagitta/pr-3964
T6643: firewall: fix ip address range parsing on firewall rules. (backport #3964)
Diffstat (limited to 'python')
-rwxr-xr-x[-rw-r--r--]python/vyos/firewall.py14
1 files changed, 13 insertions, 1 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index d7b7b80a8..1ef42e9a3 100644..100755
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -164,7 +164,19 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
if address_mask:
operator = '!=' if exclude else '=='
operator = f'& {address_mask} {operator} '
- output.append(f'{ip_name} {prefix}addr {operator}{suffix}')
+
+ if suffix.find('-') != -1:
+ # Range
+ start, end = suffix.split('-')
+ if is_ipv4(start):
+ output.append(f'ip {prefix}addr {operator}{suffix}')
+ else:
+ output.append(f'ip6 {prefix}addr {operator}{suffix}')
+ else:
+ if is_ipv4(suffix):
+ output.append(f'ip {prefix}addr {operator}{suffix}')
+ else:
+ output.append(f'ip6 {prefix}addr {operator}{suffix}')
if 'fqdn' in side_conf:
fqdn = side_conf['fqdn']
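Review bot: In the range branch only `start` is checked with `is_ipv4()`; `end` is unpacked but never used, and anything that is not IPv4 (including a malformed value) falls through to `ip6`, so a range with mixed address families or a bad end address would still be emitted as a rule. `start, end = suffix.split('-')` also raises ValueError when the value holds more than one `-`; whether earlier validation rules that out is not visible in this hunk. The four appends differ only in the family keyword, so the block could shrink to `family = 'ip' if is_ipv4(suffix.split('-', 1)[0]) else 'ip6'` followed by `output.append(f'{family} {prefix}addr {operator}{suffix}')`, plus an explicit check that `end` is the same family as `start`. The commit also changes firewall.py from mode 100644 to 100755, which looks unintended for a library module. parse_rule starts and ends outside the hunk.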