From 81a269d2d7ac669b6de2e46f9a331525b930b589 Mon Sep 17 00:00:00 2001
From: Nicolas Fort
Date: Fri, 10 Jun 2022 17:41:11 +0000
Subject: Firewall:T4458: Add ttl match option in firewall
---
 python/vyos/firewall.py | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'python/vyos/firewall.py')
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 31fe8b5e3..355ec44b0 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -231,6 +231,13 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
 value = rule_conf['hop_limit'][op]
 output.append(f'ip6 hoplimit {operator} {value}')
 
+ if 'ttl' in rule_conf:
+ operators = {'eq': '==', 'gt': '>', 'lt': '<'}
+ for op, operator in operators.items():
+ if op in rule_conf['ttl']:
+ value = rule_conf['ttl'][op]
+ output.append(f'ip ttl {operator} {value}')
+
 for icmp in ['icmp', 'icmpv6']:
 if icmp in rule_conf:
 if 'type_name' in rule_conf[icmp]:
--
cgit v1.2.3
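Review bot: In the new `ttl` branch, `value` is read from `rule_conf['ttl'][op]` and interpolated unchanged into the rule text by `output.append(f'ip ttl {operator} {value}')`, so whether it is a number in 0-255 depends entirely on validation that is not visible in this hunk. If the CLI schema already enforces that range, a comment such as `# ttl is limited to 0-255 by the CLI validator` would record the assumption. Otherwise a local check before the append, for example `if not str(value).isdigit() or not 0 <= int(value) <= 255:`, would keep a malformed value out of the generated ruleset. The branch also emits an IPv4-only match without consulting `ip_name`, so it is worth confirming that the option cannot be set on an IPv6 rule set. `parse_rule` begins and ends outside the hunk.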