author | Christian Breunig <christian@breunig.cc> | 2024-06-11 09:49:11 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-06-11 09:51:15 +0200 |
commit | 2cbc4eb005fc936e37a34a1ef539d164f21f90b5 (patch) | |
tree | 451204ef658cda518c16b99ca22c419bb779ba0f | |
parent | 50a5a29ae128795d718a3ed6878887d49544f54d (diff) | |
firewall: T3900: fix migration and smoketests
Commit 770edf016838523 ("T3900: T6394: extend functionalities in firewall")
changed the position in the CLI for conntrack timeout. This led to failing
smoketests because of a regression in the migrator.
-rw-r--r-- | smoketest/config-tests/dialup-router-wireguard-ipv6 | 8 | ||||
-rwxr-xr-x | src/migration-scripts/firewall/15-to-16 | 5 |
2 files changed, 7 insertions, 6 deletions
diff --git a/smoketest/config-tests/dialup-router-wireguard-ipv6 b/smoketest/config-tests/dialup-router-wireguard-ipv6
index c054b4650..814a62d55 100644
--- a/smoketest/config-tests/dialup-router-wireguard-ipv6
+++ b/smoketest/config-tests/dialup-router-wireguard-ipv6
@@ -192,10 +192,6 @@ set service snmp location 'CLOUD'
 set system conntrack expect-table-size '2048'
 set system conntrack hash-size '32768'
 set system conntrack table-size '262144'
-set system conntrack timeout icmp '30'
-set system conntrack timeout other '600'
-set system conntrack timeout udp other '300'
-set system conntrack timeout udp stream '300'
 set system domain-name 'vyos.net'
 set system host-name 'r1'
 set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
@@ -216,6 +212,10 @@ set firewall global-options receive-redirects 'disable'
 set firewall global-options send-redirects 'enable'
 set firewall global-options source-validation 'disable'
 set firewall global-options syn-cookies 'enable'
+set firewall global-options timeout icmp '30'
+set firewall global-options timeout other '600'
+set firewall global-options timeout udp other '300'
+set firewall global-options timeout udp stream '300'
 set firewall global-options twa-hazards-protection 'disable'
 set firewall group address-group DMZ-RDP-SERVER address '172.16.33.40'
 set firewall group address-group DMZ-RDP-SERVER description 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata'
diff --git a/src/migration-scripts/firewall/15-to-16 b/src/migration-scripts/firewall/15-to-16
index 7c8d38fe6..28df1256e 100755
--- a/src/migration-scripts/firewall/15-to-16
+++ b/src/migration-scripts/firewall/15-to-16
@@ -42,8 +42,9 @@ if not config.exists(conntrack_base): for protocol in ['icmp', 'tcp', 'udp', 'other']: if config.exists(conntrack_base + [protocol]): - if not config.exists(firewall_base): + if not config.exists(firewall_base + ['timeout']): config.set(firewall_base + ['timeout']) + config.copy(conntrack_base + [protocol], firewall_base + ['timeout', protocol]) config.delete(conntrack_base + [protocol]) @@ -52,4 +53,4 @@ try: f.write(config.to_string()) except OSError as e: print("Failed to save the modified config: {}".format(e)) - exit(1)
\ No newline at end of file + exit(1) |
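Review bot: The parent-node guard in the `@@ -42,8 +42,9 @@` hunk of `15-to-16` needs a comment, because the reason for testing `firewall_base + ['timeout']` rather than `firewall_base` is not evident from the code; presumably a config that already carries other `firewall global-options` entries (as the updated smoketest fixture does) made the old check false, so the `timeout` parent was never created. Something like `# global-options may already exist; create only the 'timeout' parent that config.copy() needs` above the `if not config.exists(...)` line would do. The copy is followed by an unconditional `config.delete(conntrack_base + [protocol])`, and nothing here handles a destination `['timeout', protocol]` node that already exists; whether `config.copy()` raises or overwrites in that case is not visible in this hunk, so it is worth confirming that conntrack timeouts cannot be dropped silently during migration. The fixture exercises `icmp`, `other` and `udp` timeouts but no `tcp` entry, which the loop also moves. Indentation and blank lines are lost in this rendering, and the script continues outside the hunk.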