diff options
author | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-08-11 18:26:53 +0000 |
---|---|---|
committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-08-11 18:26:53 +0000 |
commit | 4e07fa25f551325fd90b92426e4693107090d346 (patch) | |
tree | 10b00deb47480b9f0b5e7505a24d7e785f255ea1 | |
parent | f57ad85b346a08bd3aa31d95c9a7438f783c2b6e (diff) | |
download | vyos-1x-4e07fa25f551325fd90b92426e4693107090d346.tar.gz vyos-1x-4e07fa25f551325fd90b92426e4693107090d346.zip |
T5460: remove config-trap from firewall
-rw-r--r-- | interface-definitions/include/firewall/global-options.xml.i | 20 | ||||
-rwxr-xr-x | src/conf_mode/firewall.py | 15 | ||||
-rwxr-xr-x | src/migration-scripts/firewall/10-to-11 | 12 |
3 files changed, 6 insertions, 41 deletions
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i index 3204a239d..a63874cb0 100644 --- a/interface-definitions/include/firewall/global-options.xml.i +++ b/interface-definitions/include/firewall/global-options.xml.i @@ -44,26 +44,6 @@ </properties> <defaultValue>disable</defaultValue> </leafNode> - <leafNode name="config-trap"> - <properties> - <help>SNMP trap generation on firewall configuration changes</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable sending SNMP trap on firewall configuration change</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable sending SNMP trap on firewall configuration change</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - <defaultValue>disable</defaultValue> - </leafNode> <leafNode name="ip-src-route"> <properties> <help>Policy for handling IPv4 packets with source route option</help> diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py index c8b1e27db..7c09dfe9b 100755 --- a/src/conf_mode/firewall.py +++ b/src/conf_mode/firewall.py @@ -180,14 +180,6 @@ def get_config(config=None): # Update nat and policy-route as firewall groups were updated set_dependents('group_resync', conf) - #if 'config_trap' in firewall and firewall['config_trap'] == 'enable': - if 'config_trap' in firewall and firewall['global_options']['config_trap'] == 'enable': - diff = get_config_diff(conf) - firewall['trap_diff'] = diff.get_child_nodes_diff_str(base) - firewall['trap_targets'] = conf.get_config_dict(['service', 'snmp', 'trap-target'], - key_mangling=('-', '_'), get_first_key=True, - no_tag_node_value_mangle=True) - firewall['geoip_updated'] = geoip_updated(conf, firewall) fqdn_config_parse(firewall) @@ -327,10 +319,6 @@ def verify_nested_group(group_name, group, groups, seen): verify_nested_group(g, groups[g], groups, seen) def verify(firewall): - if 'config_trap' in firewall and firewall['config_trap'] == 'enable': - if not firewall['trap_targets']: - raise ConfigError(f'Firewall config-trap enabled but "service snmp trap-target" is not defined') - if 'group' in firewall: for group_type in nested_group_types: if group_type in firewall['group']: @@ -410,9 +398,6 @@ def post_apply_trap(firewall): if 'first_install' in firewall: return None - if 'config_trap' not in firewall['global_options'] or firewall['global_options']['config_trap'] != 'enable': - return None - if not process_named_running('snmpd'): return None diff --git a/src/migration-scripts/firewall/10-to-11 b/src/migration-scripts/firewall/10-to-11 index 8afcb64fd..716c5a240 100755 --- a/src/migration-scripts/firewall/10-to-11 +++ b/src/migration-scripts/firewall/10-to-11 @@ -45,7 +45,7 @@ from sys import exit from vyos.configtree import ConfigTree from vyos.ifconfig import Section -if (len(argv) < 1): +if len(argv) < 2: print("Must specify file name!") exit(1) @@ -77,14 +77,14 @@ if config.exists(base + ['state-policy']): config.set(base + [family, hook, priority, 'rule', position, 'action'], value=action) position = position + 1 config.delete(base + ['state-policy']) -############ ## migration of global options: for option in ['all-ping', 'broadcast-ping', 'config-trap', 'ip-src-route', 'ipv6-receive-redirects', 'ipv6-src-route', 'log-martians', 'receive-redirects', 'resolver-cache', 'resolver-internal', 'send-redirects', 'source-validation', 'syn-cookies', 'twa-hazards-protection']: if config.exists(base + [option]): - val = config.return_value(base + [option]) - config.set(base + ['global-options', option], value=val) + if option != 'config-trap': + val = config.return_value(base + [option]) + config.set(base + ['global-options', option], value=val) config.delete(base + [option]) ### Migration of firewall name and ipv6-name @@ -182,7 +182,7 @@ if config.exists(base + ['interface']): config.delete(base + ['interface']) -### Migration of zones config v2: +### Migration of zones: ### User interface groups if config.exists(base + ['zone']): inp_ipv4_rule = 101 @@ -364,7 +364,7 @@ if config.exists(base + ['zone']): config.delete(base + ['zone']) -###### END migration zones v2 +###### END migration zones try: with open(file_name, 'w') as f: |