From 1eb71e8e80a30c559932690470791cdf10ac5c76 Mon Sep 17 00:00:00 2001
From: Nicolas Fort
Date: Wed, 7 Sep 2022 14:16:49 +0000
Subject: T1024: Firewall and Policy route: add option to match dscp value, both on firewall and in policy route
---
 python/vyos/firewall.py | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'python')
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 0bc5378db..2fbaef0e9 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -274,6 +274,13 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
 negated_lengths_str = ','.join(rule_conf['packet_length_exclude'])
 output.append(f'ip{def_suffix} length != {{{negated_lengths_str}}}')
+ if 'dscp' in rule_conf:
+ dscp_str = ','.join(rule_conf['dscp'])
+ output.append(f'ip{def_suffix} dscp {{{dscp_str}}}')
+
+ if 'dscp_exclude' in rule_conf:
+ negated_dscp_str = ','.join(rule_conf['dscp_exclude'])
+ output.append(f'ip{def_suffix} dscp != {{{negated_dscp_str}}}')
 if 'ipsec' in rule_conf:
 if 'match_ipsec' in rule_conf['ipsec']:
--
cgit v1.2.3
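Review bot: The new `dscp` and `dscp_exclude` branches place the configured values verbatim inside the nft set braces, and nothing in the hunk checks them, so the shape of the generated rule depends entirely on validation done elsewhere (presumably the CLI definition, which is not visible here). A value containing `}` or `,`, or one outside the 6-bit DSCP range, would alter or break the emitted expression instead of being rejected at this point. `','.join(...)` also assumes a list: a bare string would be joined character by character (`'46'` becomes `4,6`), so either confirm the config dict always yields a list for these nodes or coerce first with `values = [v] if isinstance(v, str) else v`. A comment above the first branch such as `# dscp values are range-checked by the CLI schema before reaching parse_rule` would record the assumption once it is confirmed. parse_rule begins and ends outside this hunk, so any earlier validation in the function cannot be seen from here.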