diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-06-10 20:19:17 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-10 20:19:17 +0200 |
| commit | c3275306ce56bd803c6f833d85c9212ea8db0dfe (patch) | |
| tree | ffcbb4b966bcc84e021d193d7c4b3c7622e6f6ab /python | |
| parent | 299e16aae6d2b1038be5b3d492000c590050b4c9 (diff) | |
| parent | 81a269d2d7ac669b6de2e46f9a331525b930b589 (diff) | |
| download | vyos-1x-c3275306ce56bd803c6f833d85c9212ea8db0dfe.tar.gz vyos-1x-c3275306ce56bd803c6f833d85c9212ea8db0dfe.zip | |
Merge pull request #1355 from nicolas-fort/T4458-ipv4-ttl
Firewall:T4458: Add ttl match option in firewall
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/firewall.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index 31fe8b5e3..355ec44b0 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -231,6 +231,13 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name): value = rule_conf['hop_limit'][op] output.append(f'ip6 hoplimit {operator} {value}') + if 'ttl' in rule_conf: + operators = {'eq': '==', 'gt': '>', 'lt': '<'} + for op, operator in operators.items(): + if op in rule_conf['ttl']: + value = rule_conf['ttl'][op] + output.append(f'ip ttl {operator} {value}') + for icmp in ['icmp', 'icmpv6']: if icmp in rule_conf: if 'type_name' in rule_conf[icmp]: |