Merge pull request #1136 from sarthurdev/firewall

zone-policy: T4135: Raise error when using an invalid "from" zone.
author: Christian Poessinger <christian@poessinger.com> 2022-01-05 08:23:23 +0100
committer: GitHub <noreply@github.com> 2022-01-05 08:23:23 +0100
commit: b87fd7cb75f7b1d98b7320d632438a711aa71978 (patch)
tree: cef10f080ee8b544a5f26602af979b38ee729182
parent: a893c8d8167eb6b2fe35bcbc3cd61c850456ef75 (diff)
parent: 96f577ef82721b11b474d14d8155d30891a60d3f (diff)
download: vyos-1x-b87fd7cb75f7b1d98b7320d632438a711aa71978.tar.gz
vyos-1x-b87fd7cb75f7b1d98b7320d632438a711aa71978.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/conf_mode/zone_policy.py b/src/conf_mode/zone_policy.py
index d605e9639..683f8f034 100755
--- a/src/conf_mode/zone_policy.py
+++ b/src/conf_mode/zone_policy.py
@@ -95,6 +95,9 @@ def verify(zone_policy):
 
             if 'from' in zone_conf:
                 for from_zone, from_conf in zone_conf['from'].items():
+                    if from_zone not in zone_policy['zone']:
+                        raise ConfigError(f'Zone "{zone}" refers to a non-existent or deleted zone "{from_zone}"')
+
                     v4_name = dict_search_args(from_conf, 'firewall', 'name')
                     if v4_name:
                         if 'name' not in zone_policy['firewall']:
author	Christian Poessinger <christian@poessinger.com>	2022-01-05 08:23:23 +0100
committer	GitHub <noreply@github.com>	2022-01-05 08:23:23 +0100
commit	b87fd7cb75f7b1d98b7320d632438a711aa71978 (patch)
tree	cef10f080ee8b544a5f26602af979b38ee729182
parent	a893c8d8167eb6b2fe35bcbc3cd61c850456ef75 (diff)
parent	96f577ef82721b11b474d14d8155d30891a60d3f (diff)
download	vyos-1x-b87fd7cb75f7b1d98b7320d632438a711aa71978.tar.gz vyos-1x-b87fd7cb75f7b1d98b7320d632438a711aa71978.zip