authorChristian Breunig <christian@breunig.cc>2024-06-11 10:41:09 +0200
committerGitHub <noreply@github.com>2024-06-11 10:41:09 +0200
commitdd813e5b79d612106b0bc7a064f9633be5da9571 (patch)
tree7ba990980b5d06fd6d894f90e8f5495428644137
parent397743ff553f5213757264c3825c4155380bbb7f (diff)
parent2cbc4eb005fc936e37a34a1ef539d164f21f90b5 (diff)
Merge pull request #3632 from c-po/fixup-firewall
firewall: T3900: fix migration and smoketests
-rw-r--r--smoketest/config-tests/dialup-router-wireguard-ipv68
-rwxr-xr-xsrc/migration-scripts/firewall/15-to-165
2 files changed, 7 insertions, 6 deletions
diff --git a/smoketest/config-tests/dialup-router-wireguard-ipv6 b/smoketest/config-tests/dialup-router-wireguard-ipv6
index c054b4650..814a62d55 100644
--- a/smoketest/config-tests/dialup-router-wireguard-ipv6
+++ b/smoketest/config-tests/dialup-router-wireguard-ipv6
@@ -192,10 +192,6 @@ set service snmp location 'CLOUD'
set system conntrack expect-table-size '2048'
set system conntrack hash-size '32768'
set system conntrack table-size '262144'
-set system conntrack timeout icmp '30'
-set system conntrack timeout other '600'
-set system conntrack timeout udp other '300'
-set system conntrack timeout udp stream '300'
set system domain-name 'vyos.net'
set system host-name 'r1'
set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
@@ -216,6 +212,10 @@ set firewall global-options receive-redirects 'disable'
set firewall global-options send-redirects 'enable'
set firewall global-options source-validation 'disable'
set firewall global-options syn-cookies 'enable'
+set firewall global-options timeout icmp '30'
+set firewall global-options timeout other '600'
+set firewall global-options timeout udp other '300'
+set firewall global-options timeout udp stream '300'
set firewall global-options twa-hazards-protection 'disable'
set firewall group address-group DMZ-RDP-SERVER address '172.16.33.40'
set firewall group address-group DMZ-RDP-SERVER description 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata'
diff --git a/src/migration-scripts/firewall/15-to-16 b/src/migration-scripts/firewall/15-to-16
index 7c8d38fe6..28df1256e 100755
--- a/src/migration-scripts/firewall/15-to-16
+++ b/src/migration-scripts/firewall/15-to-16
@@ -42,8 +42,9 @@ if not config.exists(conntrack_base):
for protocol in ['icmp', 'tcp', 'udp', 'other']:
if config.exists(conntrack_base + [protocol]):
- if not config.exists(firewall_base):
+ if not config.exists(firewall_base + ['timeout']):
config.set(firewall_base + ['timeout'])
+
config.copy(conntrack_base + [protocol], firewall_base + ['timeout', protocol])
config.delete(conntrack_base + [protocol])
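Review bot: The reason for testing `firewall_base + ['timeout']` rather than `firewall_base` is not recorded next to the check, and it is the whole point of the fix. `firewall global-options` can already exist without a `timeout` child (the smoketest config in this commit has `syn-cookies`, `source-validation` and others there), and `config.copy()` presumably needs that parent node to be present. A comment above the `if`, such as `# global-options may exist without a timeout node; create it so copy() has a parent`, would keep the check from being simplified back later. The fixture covers `icmp`, `other` and the nested `udp` timeouts but shows no `tcp` entry in the visible hunk, so that branch appears untested here, and a timeout dropped during migration would silently change how long conntrack entries persist after an upgrade. The loop sits inside a script whose start and end are outside the hunk.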
@@ -52,4 +53,4 @@ try:
f.write(config.to_string())
except OSError as e:
print("Failed to save the modified config: {}".format(e))
- exit(1) \ No newline at end of file
+ exit(1)