summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2022-07-05 19:52:01 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2022-07-05 20:05:40 +0200
commitf29dbc415a8b8153cfe0046dfea64f14c6182d8a (patch)
treef61d3e8ed99ef539d1915eb17b9cfe189ce6e681
parent373aacd2375f35400a351345b2fa849efdae0543 (diff)
downloadvyos-1x-f29dbc415a8b8153cfe0046dfea64f14c6182d8a.tar.gz
vyos-1x-f29dbc415a8b8153cfe0046dfea64f14c6182d8a.zip
zone-policy: T4512: Add support for `enable-default-log`
-rw-r--r--data/templates/zone_policy/nftables.j212
-rw-r--r--interface-definitions/zone-policy.xml.in1
2 files changed, 7 insertions, 6 deletions
diff --git a/data/templates/zone_policy/nftables.j2 b/data/templates/zone_policy/nftables.j2
index e4c4dd7da..fe941f9f8 100644
--- a/data/templates/zone_policy/nftables.j2
+++ b/data/templates/zone_policy/nftables.j2
@@ -16,7 +16,7 @@ table ip filter {
iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
- counter {{ zone_conf.default_action }}
+ {{ zone_conf | nft_default_rule('zone_' + zone_name) }}
}
chain VZONE_{{ zone_name }}_OUT {
oifname lo counter return
@@ -24,7 +24,7 @@ table ip filter {
oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }}
oifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
- counter {{ zone_conf.default_action }}
+ {{ zone_conf | nft_default_rule('zone_' + zone_name) }}
}
{% else %}
chain VZONE_{{ zone_name }} {
@@ -38,7 +38,7 @@ table ip filter {
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endif %}
{% endfor %}
- counter {{ zone_conf.default_action }}
+ {{ zone_conf | nft_default_rule('zone_' + zone_name) }}
}
{% endif %}
{% endfor %}
@@ -53,7 +53,7 @@ table ip6 filter {
iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
- counter {{ zone_conf.default_action }}
+ {{ zone_conf | nft_default_rule('zone6_' + zone_name) }}
}
chain VZONE6_{{ zone_name }}_OUT {
oifname lo counter return
@@ -61,7 +61,7 @@ table ip6 filter {
oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }}
oifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
- counter {{ zone_conf.default_action }}
+ {{ zone_conf | nft_default_rule('zone6_' + zone_name) }}
}
{% else %}
chain VZONE6_{{ zone_name }} {
@@ -75,7 +75,7 @@ table ip6 filter {
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endif %}
{% endfor %}
- counter {{ zone_conf.default_action }}
+ {{ zone_conf | nft_default_rule('zone6_' + zone_name) }}
}
{% endif %}
{% endfor %}
diff --git a/interface-definitions/zone-policy.xml.in b/interface-definitions/zone-policy.xml.in
index 8af0dcfb6..dca4c59d1 100644
--- a/interface-definitions/zone-policy.xml.in
+++ b/interface-definitions/zone-policy.xml.in
@@ -19,6 +19,7 @@
</properties>
<children>
#include <include/generic-description.xml.i>
+ #include <include/firewall/name-default-log.xml.i>
<leafNode name="default-action">
<properties>
<help>Default-action for traffic coming into this zone</help>