summaryrefslogtreecommitdiff
path: root/src/migration-scripts/policy
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-01-17 18:08:34 +0100
committerGitHub <noreply@github.com>2022-01-17 18:08:34 +0100
commit9fb2e1432209f907d6e5e3ce748da243c85f2851 (patch)
tree0f3607ccd75cfad67f25ba06b62bdaa1232874fb /src/migration-scripts/policy
parent7e731c0ef503334eaab2bfd723163a9749d64da2 (diff)
parent53c2b62dda5bcd1f605a8b9ea438f0f76e366e36 (diff)
downloadvyos-1x-9fb2e1432209f907d6e5e3ce748da243c85f2851.tar.gz
vyos-1x-9fb2e1432209f907d6e5e3ce748da243c85f2851.zip
Merge pull request #1174 from sarthurdev/firewall
firewall: T4178: T3873: tcp flags syntax refactor, intra-zone-filtering fix
Diffstat (limited to 'src/migration-scripts/policy')
-rwxr-xr-xsrc/migration-scripts/policy/1-to-219
1 files changed, 19 insertions, 0 deletions
diff --git a/src/migration-scripts/policy/1-to-2 b/src/migration-scripts/policy/1-to-2
index 7ffceef22..eebbf9d41 100755
--- a/src/migration-scripts/policy/1-to-2
+++ b/src/migration-scripts/policy/1-to-2
@@ -16,6 +16,7 @@
# T4170: rename "policy ipv6-route" to "policy route6" to match common
# IPv4/IPv6 schema
+# T4178: Update tcp flags to use multi value node
from sys import argv
from sys import exit
@@ -41,6 +42,24 @@ if not config.exists(base):
config.rename(base, 'route6')
config.set_tag(['policy', 'route6'])
+for route in ['route', 'route6']:
+ route_path = ['policy', route]
+ if config.exists(route_path):
+ for name in config.list_nodes(route_path):
+ if config.exists(route_path + [name, 'rule']):
+ for rule in config.list_nodes(route_path + [name, 'rule']):
+ rule_tcp_flags = route_path + [name, 'rule', rule, 'tcp', 'flags']
+
+ if config.exists(rule_tcp_flags):
+ tmp = config.return_value(rule_tcp_flags)
+ config.delete(rule_tcp_flags)
+ for flag in tmp.split(","):
+ for flag in tmp.split(","):
+ if flag[0] == '!':
+ config.set(rule_tcp_flags + ['not', flag[1:].lower()])
+ else:
+ config.set(rule_tcp_flags + [flag.lower()])
+
if config.exists(['interfaces']):
def if_policy_rename(config, path):
if config.exists(path + ['policy', 'ipv6-route']):