diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-08-14 22:47:02 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-14 22:47:02 +0200 |
| commit | 2aa26f836caf777255a06083208ee7bb9dab4726 (patch) | |
| tree | b3b4da382fe38782344bfc054abe849662157937 | |
| parent | 948efe77310820a39083745573ae99644e30ef6e (diff) | |
| parent | ebcb9c6e9a5b55219c3d538686df4a55cdcdc86d (diff) | |
| download | vyos-1x-2aa26f836caf777255a06083208ee7bb9dab4726.tar.gz vyos-1x-2aa26f836caf777255a06083208ee7bb9dab4726.zip | |
Merge pull request #3983 from vyos/mergify/bp/circinus/pr-3981
T6646: conntrack: in ignore rules, if protocols=all, do not append it to the rule (backport #3981)
| -rwxr-xr-x[-rw-r--r--] | python/vyos/template.py | 3 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_system_conntrack.py | 1 |
2 files changed, 3 insertions, 1 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py index e8d7ba669..768c43387 100644..100755 --- a/python/vyos/template.py +++ b/python/vyos/template.py @@ -694,7 +694,8 @@ def conntrack_rule(rule_conf, rule_id, action, ipv6=False): else: for protocol, protocol_config in rule_conf['protocol'].items(): proto = protocol - output.append(f'meta l4proto {proto}') + if proto != 'all': + output.append(f'meta l4proto {proto}') tcp_flags = dict_search_args(rule_conf, 'tcp', 'flags') if tcp_flags and action != 'timeout': diff --git a/smoketest/scripts/cli/test_system_conntrack.py b/smoketest/scripts/cli/test_system_conntrack.py index 3ae7b6217..40e0d245e 100755 --- a/smoketest/scripts/cli/test_system_conntrack.py +++ b/smoketest/scripts/cli/test_system_conntrack.py @@ -206,6 +206,7 @@ class TestSystemConntrack(VyOSUnitTestSHIM.TestCase): self.cli_set(base_path + ['ignore', 'ipv4', 'rule', '2', 'source', 'address', '192.0.2.1']) self.cli_set(base_path + ['ignore', 'ipv4', 'rule', '2', 'destination', 'group', 'address-group', address_group]) + self.cli_set(base_path + ['ignore', 'ipv4', 'rule', '2', 'protocol', 'all']) self.cli_set(base_path + ['ignore', 'ipv6', 'rule', '11', 'source', 'address', 'fe80::1']) self.cli_set(base_path + ['ignore', 'ipv6', 'rule', '11', 'destination', 'address', 'fe80::2']) |