summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-07-05 22:09:57 +0200
committerGitHub <noreply@github.com>2022-07-05 22:09:57 +0200
commitf794ed27e3991bff9bd41e868f53a5b393a519d3 (patch)
tree3c81cd13ed8167783a69d4e27b4b97fced34777f
parent373aacd2375f35400a351345b2fa849efdae0543 (diff)
parentd9ba5d4a6f38111b9656c91589bdc274214ac93b (diff)
downloadvyos-1x-f794ed27e3991bff9bd41e868f53a5b393a519d3.tar.gz
vyos-1x-f794ed27e3991bff9bd41e868f53a5b393a519d3.zip
Merge pull request #1393 from sarthurdev/firewall_migrate
firewall: T2199: Fix migration when `icmpv6 type` is an integer
-rw-r--r--smoketest/configs/dialup-router-complex21
-rwxr-xr-xsrc/migration-scripts/firewall/6-to-75
2 files changed, 24 insertions, 2 deletions
diff --git a/smoketest/configs/dialup-router-complex b/smoketest/configs/dialup-router-complex
index ac5ff5e99..909e6d17b 100644
--- a/smoketest/configs/dialup-router-complex
+++ b/smoketest/configs/dialup-router-complex
@@ -66,6 +66,27 @@ firewall {
action accept
protocol icmpv6
}
+ rule 15 {
+ action accept
+ icmpv6 {
+ type 1
+ }
+ protocol icmpv6
+ }
+ rule 16 {
+ action accept
+ icmpv6 {
+ type 1/1
+ }
+ protocol icmpv6
+ }
+ rule 17 {
+ action accept
+ icmpv6 {
+ type destination-unreachable
+ }
+ protocol icmpv6
+ }
}
ipv6-name ALLOW-ESTABLISHED-6 {
default-action drop
diff --git a/src/migration-scripts/firewall/6-to-7 b/src/migration-scripts/firewall/6-to-7
index 5f4cff90d..626d6849f 100755
--- a/src/migration-scripts/firewall/6-to-7
+++ b/src/migration-scripts/firewall/6-to-7
@@ -194,11 +194,12 @@ if config.exists(base + ['ipv6-name']):
if config.exists(rule_icmp + ['type']):
tmp = config.return_value(rule_icmp + ['type'])
- type_code_match = re.match(r'^(\d+)/(\d+)$', tmp)
+ type_code_match = re.match(r'^(\d+)(?:/(\d+))?$', tmp)
if type_code_match:
config.set(rule_icmp + ['type'], value=type_code_match[1])
- config.set(rule_icmp + ['code'], value=type_code_match[2])
+ if type_code_match[2]:
+ config.set(rule_icmp + ['code'], value=type_code_match[2])
elif tmp in icmpv6_remove:
config.delete(rule_icmp + ['type'])
elif tmp in icmpv6_translations: