From 9f7f1ebb15a2dce507693830517bc1c0c2b6815e Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Thu, 3 Feb 2022 00:30:52 +0100 Subject: firewall: T4178: Fix only inverse matching on tcp flags --- python/vyos/firewall.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'python') diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index a74fd922a..c1217b420 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -208,7 +208,7 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name): def parse_tcp_flags(flags): include = [flag for flag in flags if flag != 'not'] exclude = list(flags['not']) if 'not' in flags else [] - return f'tcp flags & ({"|".join(include + exclude)}) == {"|".join(include)}' + return f'tcp flags & ({"|".join(include + exclude)}) == {"|".join(include) if include else "0x0"}' def parse_time(time): out = [] -- cgit v1.2.3