From f1dcd2d23f89251b0a96c61f8186002cb0d50d18 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko
Date: Tue, 13 Feb 2024 12:06:07 +0000
Subject: T5928: Change firewall priority to 319 Change the firewall priority to 319, after interface ethernet configuration For example if we use VLANs and the vlan interface must be created before we can use it in the firewall/flowtable The current priority ``` 199 firewall 300 interfaces/dummy 300 interfaces/loopback 300 interfaces/virtual-ethernet 310 interfaces/bridge 310 interfaces/input 318 interfaces/ethernet ... ```
---
 interface-definitions/firewall.xml.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 662ba24ab..a2c2b0c58 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -2,7 +2,7 @@
- 199
+ 319
 Firewall
-- cgit v1.2.3
From ef87bd7320da2750de4d93c14314965704f3dfbd Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko
Date: Tue, 13 Feb 2024 12:12:49 +0000
Subject: T5928: Smoketest change firewall flowtable test to use VLAN
---
 smoketest/scripts/cli/test_firewall.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index 415f3436f..bc2848492 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -813,7 +813,8 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
 self.verify_nftables(nftables_search_v6, 'ip6 vyos_filter')
 def test_flow_offload(self):
- self.cli_set(['firewall', 'flowtable', 'smoketest', 'interface', 'eth0'])
+ self.cli_set(['interfaces', 'ethernet', 'eth0', 'vif', '10'])
+ self.cli_set(['firewall', 'flowtable', 'smoketest', 'interface', 'eth0.10'])
 self.cli_set(['firewall', 'flowtable', 'smoketest', 'offload', 'hardware'])
 # QEMU virtual NIC does not support hw-tc-offload
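Review bot: In interface-definitions/firewall.xml.in, raising the firewall priority from 199 to 319 makes the ruleset load after the ethernet interfaces are configured, and the change does not say what filters traffic on those interfaces in the interval before the firewall node is applied at boot. I cannot tell from this diff whether packets can be forwarded during that window, so it is worth confirming and stating in the commit message. The priority list in the description ends in `...`, so interface types ordered above 319 would presumably still be missing when a flowtable names them. I would also record the constraint beside the value, e.g. `<!-- 319: after interfaces/ethernet (318) so vif devices exist before flowtables reference them -->`.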
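Review bot: The vif added by `self.cli_set(['interfaces', 'ethernet', 'eth0', 'vif', '10'])` in test_flow_offload has no matching removal in the visible lines, so unless tearDown (outside this hunk) deletes it, `eth0.10` would persist into later tests. A cleanup such as `self.cli_delete(['interfaces', 'ethernet', 'eth0', 'vif', '10'])` after the assertions would keep the test self-contained. A one-line comment above the new call, `# use a VLAN so the flowtable depends on an interface created by the config (T5928)`, would tell the next reader why the VLAN is there. The body of test_flow_offload continues past the end of this hunk, and the matching expectation `devices = { eth0.10 }` is updated in the following hunk.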
@@ -839,7 +840,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
 nftables_search = [
 ['flowtable VYOS_FLOWTABLE_smoketest'],
 ['hook ingress priority filter'],
- ['devices = { eth0 }'],
+ ['devices = { eth0.10 }'],
 ['ct state { established, related }', 'meta l4proto { tcp, udp }', 'flow add @VYOS_FLOWTABLE_smoketest'],
 ]
-- cgit v1.2.3