1 files changed, 27 insertions, 0 deletions

diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index b9439d42b..34d0b73f6 100755
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -156,6 +156,20 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
             proto = '{tcp, udp}'
         output.append(f'meta l4proto {operator} {proto}')
 
+    if 'ethernet_type' in rule_conf:
+        ether_type_mapping = {
+            '802.1q': '8021q',
+            '802.1ad': '8021ad',
+            'ipv6': 'ip6',
+            'ipv4': 'ip',
+            'arp': 'arp'
+        }
+        ether_type = rule_conf['ethernet_type']
+        operator = '!=' if ether_type.startswith('!') else ''
+        ether_type = ether_type.lstrip('!')
+        ether_type = ether_type_mapping.get(ether_type, ether_type)
+        output.append(f'ether type {operator} {ether_type}')
+
     for side in ['destination', 'source']:
         if side in rule_conf:
             prefix = side[0]
@@ -487,6 +501,19 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
             output.append(f'vlan id {rule_conf["vlan"]["id"]}')
         if 'priority' in rule_conf['vlan']:
             output.append(f'vlan pcp {rule_conf["vlan"]["priority"]}')
+        if 'ethernet_type' in rule_conf['vlan']:
+            ether_type_mapping = {
+                '802.1q': '8021q',
+                '802.1ad': '8021ad',
+                'ipv6': 'ip6',
+                'ipv4': 'ip',
+                'arp': 'arp'
+            }
+            ether_type = rule_conf['vlan']['ethernet_type']
+            operator = '!=' if ether_type.startswith('!') else ''
+            ether_type = ether_type.lstrip('!')
+            ether_type = ether_type_mapping.get(ether_type, ether_type)
+            output.append(f'vlan type {operator} {ether_type}')
 
     if 'log' in rule_conf:
         action = rule_conf['action'] if 'action' in rule_conf else 'accept'