From f7c805e95b4b9cf1020a04847ae38fb13bea375b Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko
Date: Tue, 13 Feb 2024 12:06:07 +0000
Subject: T5928: Change firewall priority to 319

Change the firewall priority to 319, after interface ethernet configuration For example if we use VLANs and the vlan interface must be created before we can use it in the firewall/flowtable The current priority
```
199 firewall
300 interfaces/dummy
300 interfaces/loopback
300 interfaces/virtual-ethernet
310 interfaces/bridge
310 interfaces/input
318 interfaces/ethernet
...
```
(cherry picked from commit f1dcd2d23f89251b0a96c61f8186002cb0d50d18)
---
 interface-definitions/firewall.xml.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 662ba24ab..a2c2b0c58 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -2,7 +2,7 @@
- 199
+ 319
 Firewall
-- 
cgit v1.2.3

From b3922818710d2c698c82f7f9fea5b4ae1b21921c Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko
Date: Tue, 13 Feb 2024 12:12:49 +0000
Subject: T5928: Smoketest change firewall flowtable test to use VLAN

(cherry picked from commit ef87bd7320da2750de4d93c14314965704f3dfbd)
---
 smoketest/scripts/cli/test_firewall.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index 415f3436f..bc2848492 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
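Review bot: In interface-definitions/firewall.xml.in, moving the firewall from priority 199 to 319 places it after the interface nodes listed in the commit message, so if these priorities also order the initial configuration load, interfaces would be brought up and addressed before any ruleset is installed. That interval without filtering is not discussed in the commit and is worth confirming on a boot with a restrictive default policy. The priority listing in the message is cut off after 318, so interface types with a priority above 319 (not visible here) would presumably still be created after the firewall and hit the same flowtable ordering problem. A comment next to the value, for example `<!-- must stay above every interface type a rule or flowtable can reference (T5928) -->`, would record the constraint for the next person who changes it.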
@@ -813,7 +813,8 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
 self.verify_nftables(nftables_search_v6, 'ip6 vyos_filter')
 def test_flow_offload(self):
- self.cli_set(['firewall', 'flowtable', 'smoketest', 'interface', 'eth0'])
+ self.cli_set(['interfaces', 'ethernet', 'eth0', 'vif', '10'])
+ self.cli_set(['firewall', 'flowtable', 'smoketest', 'interface', 'eth0.10'])
 self.cli_set(['firewall', 'flowtable', 'smoketest', 'offload', 'hardware'])
 # QEMU virtual NIC does not support hw-tc-offload
@@ -839,7 +840,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
 nftables_search = [
 ['flowtable VYOS_FLOWTABLE_smoketest'],
 ['hook ingress priority filter'],
- ['devices = { eth0 }'],
+ ['devices = { eth0.10 }'],
 ['ct state { established, related }', 'meta l4proto { tcp, udp }', 'flow add @VYOS_FLOWTABLE_smoketest'],
 ]
-- 
cgit v1.2.3
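Review bot: test_flow_offload now creates `interfaces ethernet eth0 vif 10` in the first hunk, but nothing visible removes it again; unless tearDown (outside these hunks) deletes the ethernet vif, the VLAN stays configured for the tests that follow. Adding `self.cli_delete(['interfaces', 'ethernet', 'eth0', 'vif', '10'])` to the cleanup path would keep the test self-contained. The interface name is also written out separately in the setup call and in the expected `'devices = { eth0.10 }'` string of the second hunk; a local such as `vif_name = 'eth0.10'` used to build both would keep the assertion in step with the setup. The plain `eth0` case is no longer exercised, so keeping it as a second flowtable interface would preserve the earlier coverage. The method body continues outside both hunks.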