-rw-r--r--data/templates/monitoring/telegraf.tmpl5
-rw-r--r--interface-definitions/include/nat-port.xml.i7
-rw-r--r--interface-definitions/include/nat-translation-port.xml.i3
-rw-r--r--python/vyos/firewall.py4
-rw-r--r--python/vyos/util.py13
5 files changed, 23 insertions, 9 deletions
diff --git a/data/templates/monitoring/telegraf.tmpl b/data/templates/monitoring/telegraf.tmpl
index afc04aa6d..f05396d91 100644
--- a/data/templates/monitoring/telegraf.tmpl
+++ b/data/templates/monitoring/telegraf.tmpl
@@ -42,11 +42,6 @@
dirs = ["/proc/sys/net/ipv4/netfilter","/proc/sys/net/netfilter"]
[[inputs.ethtool]]
interface_include = {{ interfaces_ethernet }}
-[[inputs.iptables]]
- use_sudo = false
- table = "filter"
- chains = {{ nft_chains }}
- use_lock = true
[[inputs.ntpq]]
dns_lookup = true
[[inputs.internal]]
diff --git a/interface-definitions/include/nat-port.xml.i b/interface-definitions/include/nat-port.xml.i
index 7aabc33c3..5f762cfb3 100644
--- a/interface-definitions/include/nat-port.xml.i
+++ b/interface-definitions/include/nat-port.xml.i
@@ -3,6 +3,10 @@
<properties>
<help>Port number</help>
<valueHelp>
+ <format>txt</format>
+ <description>Named port (any name in /etc/services, e.g., http)</description>
+ </valueHelp>
+ <valueHelp>
<format>u32:1-65535</format>
<description>Numeric IP port</description>
</valueHelp>
@@ -14,6 +18,9 @@
<format/>
<description>\n\nMultiple destination ports can be specified as a comma-separated list.\nThe whole list can also be negated using '!'.\nFor example: '!22,telnet,http,123,1001-1005'</description>
</valueHelp>
+ <constraint>
+ <validator name="port-multi"/>
+ </constraint>
</properties>
</leafNode>
<!-- include end -->
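Review bot: The new `<validator name="port-multi"/>` constraint should be checked against every form the help text in this file advertises: service names such as `http`, ranges, and a leading `!` as in `'!22,telnet,http,123,1001-1005'`. The validator itself is not part of this diff, so if it is stricter than the help text, configurations that loaded before will now be rejected at commit. The same applies to the `port-range` validator added in nat-translation-port.xml.i. Neither constraint comes with a `<constraintErrorMessage>`, so a rejected value would get only a generic error; a one-line message naming the accepted forms would help.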
diff --git a/interface-definitions/include/nat-translation-port.xml.i b/interface-definitions/include/nat-translation-port.xml.i
index 6e507353c..6f17df3d9 100644
--- a/interface-definitions/include/nat-translation-port.xml.i
+++ b/interface-definitions/include/nat-translation-port.xml.i
@@ -10,6 +10,9 @@
<format>range</format>
<description>Numbered port range (e.g., 1001-1005)</description>
</valueHelp>
+ <constraint>
+ <validator name="port-range"/>
+ </constraint>
</properties>
</leafNode>
<!-- include end -->
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 808e90e38..4993d855e 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -190,8 +190,8 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
def parse_tcp_flags(flags):
include = [flag for flag in flags if flag != 'not']
- all_flags = include + [flag for flag in flags['not']] if 'not' in flags else []
- return f'tcp flags & ({"|".join(all_flags)}) == {"|".join(include)}'
+ exclude = flags['not'].keys() if 'not' in flags else []
+ return f'tcp flags & ({"|".join(include + exclude)}) == {"|".join(include)}'
def parse_time(time):
out = []
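Review bot: `include + exclude` in the new return line of `parse_tcp_flags` concatenates a list with the `dict_keys` view returned by `flags['not'].keys()`, which raises `TypeError` in Python 3. Any rule that configures negated TCP flags would therefore fail to render instead of being applied. Materialise the view first: `exclude = list(flags['not']) if 'not' in flags else []`. Separately, when only `not` flags are set, `include` is empty and the right-hand side of `==` becomes an empty string; whether nftables accepts that is not visible here, so an explicit zero value for that case is worth considering.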
diff --git a/python/vyos/util.py b/python/vyos/util.py
index 954c6670d..571d43754 100644
--- a/python/vyos/util.py
+++ b/python/vyos/util.py
@@ -952,14 +952,23 @@ def install_into_config(conf, config_paths, override_prompt=True):
return None
count = 0
+ failed = []
for path in config_paths:
if override_prompt and conf.exists(path) and not conf.is_multi(path):
if not ask_yes_no(f'Config node "{node}" already exists. Do you want to overwrite it?'):
continue
- cmd(f'/opt/vyatta/sbin/my_set {path}')
- count += 1
+ try:
+ cmd(f'/opt/vyatta/sbin/my_set {path}')
+ count += 1
+ except:
+ failed.append(path)
+
+ if failed:
+ print(f'Failed to install {len(failed)} value(s). Commands to manually install:')
+ for path in failed:
+ print(f'set {path}')
if count > 0:
print(f'{count} value(s) installed. Use "compare" to see the pending changes, and "commit" to apply.')
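Review bot: The bare `except:` around `cmd(...)` also catches `KeyboardInterrupt` and `SystemExit` and discards the failure reason, so a Ctrl-C or a genuine error is reported only as a path in the "failed" list. Catch the exception type `cmd()` raises on failure (its definition is outside this hunk; `except Exception as e:` at the very least) and keep the reason, e.g. `failed.append((path, e))`, printing it next to the `set {path}` line. The prompt on the context line above formats `{node}` while the loop variable is `path`; unless `node` is bound earlier in `install_into_config`, which starts outside the hunk, that line raises `NameError` when the prompt is reached. `path` is also interpolated unquoted into the command string, so if `cmd()` runs through a shell and `config_paths` can carry user-influenced values, each path element should be shell-quoted before the call.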