author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-06-10 14:57:11 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-06-10 15:30:17 +0000 |
commit | 76684692f8976aa567cf896586b4e6d3b00385f9 (patch) | |
tree | dd13d7fdfbb7d75524e44bcc26e5317f2f95031a | |
parent | fcad9572e880ab5dd71636e0aa4842dc8997bc44 (diff) | |
firewall: T970: Fix for Regex for domain and check empty group
A top-level domain can be more than 5 symbols long,
for example '.photography' and '.accountants'
Firewall group can be added without address:
* set firewall group domain-group DOMAIN
Check if 'address' exists in group_config
-rw-r--r-- | interface-definitions/firewall.xml.in | 2 | ||||
-rwxr-xr-x | src/conf_mode/firewall.py | 5 |
2 files changed, 4 insertions, 3 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 63095bc20..3250794d3 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -117,7 +117,7 @@
 <description>Domain address to match</description>
 </valueHelp>
 <constraint>
- <regex>[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}?(\/.*)?</regex>
+ <regex>[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,99}?(\/.*)?</regex>
 </constraint>
 <multi/>
 </properties>
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 335098bf1..fbe0a3a13 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -423,8 +423,9 @@ def apply(firewall):
 call('systemctl restart vyos-domain-group-resolve.service')
 for group, group_config in firewall['group']['domain_group'].items():
 domains = []
- for address in group_config['address']:
- domains.append(address)
+ if group_config.get('address') is not None:
+ for address in group_config.get('address'):
+ domains.append(address)
 # Add elements to domain-group, try to resolve domain => ip
 # and add elements to nft set
 ip_dict = get_ips_domains_dict(domains) |
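Review bot: The new `<regex>` still ends in `(\/.*)?`, so any text after a slash passes the constraint even though the value help describes a domain address, and the `{2,99}` bound is wider than the 63-octet limit of a DNS label. If the resolver code in firewall.py does not need a path suffix, `<regex>[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,63}</regex>` keeps long TLDs such as '.photography' while accepting only hostname characters. Whether the validator anchors the pattern at both ends is not visible in this hunk and is worth confirming. The `[a-z]` class for the last label also rejects punycode TLDs (`xn--…`), which may or may not be intended.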
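Review bot: The new guard in apply() looks up `group_config.get('address')` twice and then copies the list one element at a time; `domains = list(group_config.get('address') or [])` does the same in one line. A group without addresses still reaches `get_ips_domains_dict(domains)` with an empty list, and what happens to the nft set in that case is not visible in this hunk. If the intent is that the set is left empty so rules referencing the group match nothing, a comment such as `# empty domain-group: no elements are added to the nft set` would record that. The loop body continues outside the hunk.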