From ff58f3e5f30d3775487a6a3b561863aa37d11d43 Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Fri, 9 Aug 2024 14:03:21 +0000 Subject: T6643: firewall: fix ip address range parsing on firewall rules. --- python/vyos/firewall.py | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) mode change 100644 => 100755 python/vyos/firewall.py (limited to 'python/vyos') diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py old mode 100644 new mode 100755 index 3976a5580..f0cf3c924 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -167,10 +167,19 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name): if address_mask: operator = '!=' if exclude else '==' operator = f'& {address_mask} {operator} ' - if is_ipv4(suffix): - output.append(f'ip {prefix}addr {operator}{suffix}') + + if suffix.find('-') != -1: + # Range + start, end = suffix.split('-') + if is_ipv4(start): + output.append(f'ip {prefix}addr {operator}{suffix}') + else: + output.append(f'ip6 {prefix}addr {operator}{suffix}') else: - output.append(f'ip6 {prefix}addr {operator}{suffix}') + if is_ipv4(suffix): + output.append(f'ip {prefix}addr {operator}{suffix}') + else: + output.append(f'ip6 {prefix}addr {operator}{suffix}') if 'fqdn' in side_conf: fqdn = side_conf['fqdn'] -- cgit v1.2.3