T4309: Conntrack ignore fix to handle interface any

Interface 'any' not expected in nft rules, it means that option iifname shouldn't exist at all set system conntrack ignore ipv4 rule 10 inbound-interface 'any' table ip raw { chain VYOS_CT_IGNORE { iifname "any" counter packets 0 bytes 0 notrack comment "ignore-10" return } } Fix it
author: Viacheslav Hletenko <v.gletenko@vyos.io> 2023-09-12 15:35:38 +0000
committer: Viacheslav Hletenko <v.gletenko@vyos.io> 2023-09-12 15:59:04 +0000
commit: b730015945dcac62db4373ebfa8072d7bc1acff1 (patch)
tree: 503c6916fd8fd851a0646b87ed2df884258fc887
parent: cd3dda75534abf2453c5dcd47969f4119a0e0dae (diff)
download: vyos-1x-b730015945dcac62db4373ebfa8072d7bc1acff1.tar.gz
vyos-1x-b730015945dcac62db4373ebfa8072d7bc1acff1.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py
index c1b57b883..add4d3ce5 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -671,7 +671,8 @@ def conntrack_ignore_rule(rule_conf, rule_id, ipv6=False):
 
     if 'inbound_interface' in rule_conf:
         ifname = rule_conf['inbound_interface']
-        output.append(f'iifname {ifname}')
+        if ifname != 'any':
+            output.append(f'iifname {ifname}')
 
     if 'protocol' in rule_conf:
         proto = rule_conf['protocol']
author	Viacheslav Hletenko <v.gletenko@vyos.io>	2023-09-12 15:35:38 +0000
committer	Viacheslav Hletenko <v.gletenko@vyos.io>	2023-09-12 15:59:04 +0000
commit	b730015945dcac62db4373ebfa8072d7bc1acff1 (patch)
tree	503c6916fd8fd851a0646b87ed2df884258fc887
parent	cd3dda75534abf2453c5dcd47969f4119a0e0dae (diff)
download	vyos-1x-b730015945dcac62db4373ebfa8072d7bc1acff1.tar.gz vyos-1x-b730015945dcac62db4373ebfa8072d7bc1acff1.zip