Merge pull request #3087 from nicolas-fort/T6061-ct-status

T6061: fix rule parsing when connection-status is used

2 files changed, 4 insertions, 4 deletions

diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 49e095946..e70b4f0d9 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -136,10 +136,10 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
     if 'connection_status' in rule_conf and rule_conf['connection_status']:
         status = rule_conf['connection_status']
         if status['nat'] == 'destination':
-            nat_status = '{dnat}'
+            nat_status = 'dnat'
             output.append(f'ct status {nat_status}')
         if status['nat'] == 'source':
-            nat_status = '{snat}'
+            nat_status = 'snat'
             output.append(f'ct status {nat_status}')
 
     if 'protocol' in rule_conf and rule_conf['protocol'] != 'all':
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index be5960bbd..9e8473fa4 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -629,8 +629,8 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         nftables_search = [
             ['ct state { established, related }', 'accept'],
             ['ct state invalid', 'reject'],
-            ['ct state new', 'ct status == dnat', 'accept'],
-            ['ct state { established, new }', 'ct status == snat', 'accept'],
+            ['ct state new', 'ct status dnat', 'accept'],
+            ['ct state { established, new }', 'ct status snat', 'accept'],
             ['ct state related', 'ct helper { "ftp", "pptp" }', 'accept'],
             ['drop', f'comment "{name} default-action drop"'],
             ['jump VYOS_STATE_POLICY'],