# Copyright 2022-2024 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with this library. If not, see <http://www.gnu.org/licenses/>. # T4780: Add firewall interface group # cli changes from: # set firewall [name | ipv6-name] <name> rule <number> [inbound-interface | outbound-interface] <interface_name> # To # set firewall [name | ipv6-name] <name> rule <number> [inbound-interface | outbound-interface] [interface-name | interface-group] <interface_name | interface_group> from vyos.configtree import ConfigTree base = ['firewall'] def migrate(config: ConfigTree) -> None: if not config.exists(base): # Nothing to do return if config.exists(base + ['name']): for name in config.list_nodes(base + ['name']): if not config.exists(base + ['name', name, 'rule']): continue for rule in config.list_nodes(base + ['name', name, 'rule']): rule_iiface = base + ['name', name, 'rule', rule, 'inbound-interface'] rule_oiface = base + ['name', name, 'rule', rule, 'outbound-interface'] if config.exists(rule_iiface): tmp = config.return_value(rule_iiface) config.delete(rule_iiface) config.set(rule_iiface + ['interface-name'], value=tmp) if config.exists(rule_oiface): tmp = config.return_value(rule_oiface) config.delete(rule_oiface) config.set(rule_oiface + ['interface-name'], value=tmp) if config.exists(base + ['ipv6-name']): for name in config.list_nodes(base + ['ipv6-name']): if not config.exists(base + ['ipv6-name', name, 'rule']): continue for rule in config.list_nodes(base + ['ipv6-name', name, 'rule']): rule_iiface = base + ['ipv6-name', name, 'rule', rule, 'inbound-interface'] rule_oiface = base + ['ipv6-name', name, 'rule', rule, 'outbound-interface'] if config.exists(rule_iiface): tmp = config.return_value(rule_iiface) config.delete(rule_iiface) config.set(rule_iiface + ['interface-name'], value=tmp) if config.exists(rule_oiface): tmp = config.return_value(rule_oiface) config.delete(rule_oiface) config.set(rule_oiface + ['interface-name'], value=tmp)