From 85f19deb34884337af343fc39b1ce484c9ba1ddb Mon Sep 17 00:00:00 2001
From: Nicolas Fort
Date: Wed, 14 Aug 2024 12:12:56 +0000
Subject: T6646: conntrack: in ignore rules, if protocols=all, do not append it to the rule
(cherry picked from commit 2d953bedd0e416ead924f77ec612c997f950535a)
---
 python/vyos/template.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 mode change 100644 => 100755 python/vyos/template.py
(limited to 'python/vyos')
diff --git a/python/vyos/template.py b/python/vyos/template.py
old mode 100644
new mode 100755
index a4fff649c..2a99eef9d
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -692,7 +692,8 @@ def conntrack_rule(rule_conf, rule_id, action, ipv6=False):
 else:
 for protocol, protocol_config in rule_conf['protocol'].items():
 proto = protocol
- output.append(f'meta l4proto {proto}')
+ if proto != 'all':
+ output.append(f'meta l4proto {proto}')
 tcp_flags = dict_search_args(rule_conf, 'tcp', 'flags')
 if tcp_flags and action != 'timeout':
--
cgit v1.2.3
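Review bot: The new `if proto != 'all':` guard in conntrack_rule drops the protocol match without saying why, and it leaves the rule's scope entirely to whatever other selectors the rule carries; a short comment such as `# 'all' means no l4proto match: the rule then applies to every protocol` would make that explicit. For an ignore rule this matters because a rule with protocol `all` and no address, port or interface selector may end up matching all traffic and excluding it from connection tracking, and therefore from stateful filtering. The function's body starts and continues outside the hunk, so whether an empty match list is rejected elsewhere cannot be confirmed from here. Separately, the commit changes python/vyos/template.py from mode 100644 to 100755, which looks unrelated to the fix; a library module should not need the executable bit, so that mode change is worth reverting.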