authorChristian Poessinger <christian@poessinger.com>2022-01-10 19:42:05 +0100
committerGitHub <noreply@github.com>2022-01-10 19:42:05 +0100
commit436805a69df324767c3efdf8d72127bef42fd720 (patch)
tree87aa749d7a4cb427d5b0b1d02a5c75474328f1c4
parent4ade92549616aa122f228ed5a3f95ea89c5aa356 (diff)
parent67ab8154685638b373b139aaf9a936cbcb83a84f (diff)
Merge pull request #1151 from sarthurdev/firewall
firewall: policy: T4149: T4155: Fix incorrect table variable, fix handling of deleted base firewall node
-rw-r--r--python/vyos/firewall.py2
-rwxr-xr-xsrc/conf_mode/firewall.py7
2 files changed, 1 insertions, 8 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 8b7402b7e..414ec89c1 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -209,7 +209,7 @@ def parse_policy_set(set_conf, def_suffix):
table = set_conf['table']
if table == 'main':
table = '254'
- mark = 0x7FFFFFFF - int(set_conf['table'])
+ mark = 0x7FFFFFFF - int(table)
out.append(f'meta mark set {mark}')
if 'tcp_mss' in set_conf:
mss = set_conf['tcp_mss']
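Review bot: Only the literal `main` is translated before `int(table)` on the changed line, so any other non-numeric table value reaching parse_policy_set would raise a ValueError that nothing in the visible lines catches. Whether the configuration schema already limits the value to `main` or a number cannot be seen from this hunk, so this is worth confirming rather than assuming. The mark derivation is also an undocumented magic constant, and the bug fixed here came from two spellings of the same value drifting apart. A comment such as `# fwmark = 0x7FFFFFFF - numeric table id ('main' is 254); keep in sync with wherever the matching fwmark rule is created` would make that coupling explicit. The function starts and ends outside the hunk.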
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 75382034f..0b4c0854f 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -104,9 +104,6 @@ def get_config(config=None):
conf = Config()
base = ['firewall']
- if not conf.exists(base):
- return {}
-
firewall = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True,
no_tag_node_value_mangle=True)
@@ -169,10 +166,6 @@ def verify_rule(firewall, rule_conf, ipv6):
raise ConfigError('Protocol must be tcp, udp, or tcp_udp when specifying a port or port-group')
def verify(firewall):
- # bail out early - looks like removal from running config
- if not firewall:
- return None
-
if 'config_trap' in firewall and firewall['config_trap'] == 'enable':
if not firewall['trap_targets']:
raise ConfigError(f'Firewall config-trap enabled but "service snmp trap-target" is not defined')