authorNicolas Fort <nicolasfort1988@gmail.com>2023-08-11 18:26:53 +0000
committerNicolas Fort <nicolasfort1988@gmail.com>2023-08-11 18:26:53 +0000
commit4e07fa25f551325fd90b92426e4693107090d346 (patch)
tree10b00deb47480b9f0b5e7505a24d7e785f255ea1
parentf57ad85b346a08bd3aa31d95c9a7438f783c2b6e (diff)
downloadvyos-1x-4e07fa25f551325fd90b92426e4693107090d346.tar.gz
vyos-1x-4e07fa25f551325fd90b92426e4693107090d346.zip
T5460: remove config-trap from firewall
-rw-r--r--interface-definitions/include/firewall/global-options.xml.i20
-rwxr-xr-xsrc/conf_mode/firewall.py15
-rwxr-xr-xsrc/migration-scripts/firewall/10-to-1112
3 files changed, 6 insertions, 41 deletions
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index 3204a239d..a63874cb0 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -44,26 +44,6 @@
</properties>
<defaultValue>disable</defaultValue>
</leafNode>
- <leafNode name="config-trap">
- <properties>
- <help>SNMP trap generation on firewall configuration changes</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable sending SNMP trap on firewall configuration change</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable sending SNMP trap on firewall configuration change</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- <defaultValue>disable</defaultValue>
- </leafNode>
<leafNode name="ip-src-route">
<properties>
<help>Policy for handling IPv4 packets with source route option</help>
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index c8b1e27db..7c09dfe9b 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -180,14 +180,6 @@ def get_config(config=None):
# Update nat and policy-route as firewall groups were updated
set_dependents('group_resync', conf)
- #if 'config_trap' in firewall and firewall['config_trap'] == 'enable':
- if 'config_trap' in firewall and firewall['global_options']['config_trap'] == 'enable':
- diff = get_config_diff(conf)
- firewall['trap_diff'] = diff.get_child_nodes_diff_str(base)
- firewall['trap_targets'] = conf.get_config_dict(['service', 'snmp', 'trap-target'],
- key_mangling=('-', '_'), get_first_key=True,
- no_tag_node_value_mangle=True)
-
firewall['geoip_updated'] = geoip_updated(conf, firewall)
fqdn_config_parse(firewall)
@@ -327,10 +319,6 @@ def verify_nested_group(group_name, group, groups, seen):
verify_nested_group(g, groups[g], groups, seen)
def verify(firewall):
- if 'config_trap' in firewall and firewall['config_trap'] == 'enable':
- if not firewall['trap_targets']:
- raise ConfigError(f'Firewall config-trap enabled but "service snmp trap-target" is not defined')
-
if 'group' in firewall:
for group_type in nested_group_types:
if group_type in firewall['group']:
@@ -410,9 +398,6 @@ def post_apply_trap(firewall):
if 'first_install' in firewall:
return None
- if 'config_trap' not in firewall['global_options'] or firewall['global_options']['config_trap'] != 'enable':
- return None
-
if not process_named_running('snmpd'):
return None
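Review bot: With the `config_trap` guard deleted, post_apply_trap no longer returns early and now continues past the `process_named_running('snmpd')` check on every commit made while snmpd is running. The rest of the function lies outside this hunk, but if it still reads `firewall['trap_targets']` or `firewall['trap_diff']`, those keys are no longer set, because this commit also deletes the block in get_config that populated them; the apply step would then presumably fail with a KeyError on any host running SNMP. Either remove post_apply_trap and its call site together with the option, or leave an unconditional early exit such as `return None  # config-trap removed in T5460` until the function itself is deleted.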
diff --git a/src/migration-scripts/firewall/10-to-11 b/src/migration-scripts/firewall/10-to-11
index 8afcb64fd..716c5a240 100755
--- a/src/migration-scripts/firewall/10-to-11
+++ b/src/migration-scripts/firewall/10-to-11
@@ -45,7 +45,7 @@ from sys import exit
from vyos.configtree import ConfigTree
from vyos.ifconfig import Section
-if (len(argv) < 1):
+if len(argv) < 2:
print("Must specify file name!")
exit(1)
@@ -77,14 +77,14 @@ if config.exists(base + ['state-policy']):
config.set(base + [family, hook, priority, 'rule', position, 'action'], value=action)
position = position + 1
config.delete(base + ['state-policy'])
-############
## migration of global options:
for option in ['all-ping', 'broadcast-ping', 'config-trap', 'ip-src-route', 'ipv6-receive-redirects', 'ipv6-src-route', 'log-martians',
'receive-redirects', 'resolver-cache', 'resolver-internal', 'send-redirects', 'source-validation', 'syn-cookies', 'twa-hazards-protection']:
if config.exists(base + [option]):
- val = config.return_value(base + [option])
- config.set(base + ['global-options', option], value=val)
+ if option != 'config-trap':
+ val = config.return_value(base + [option])
+ config.set(base + ['global-options', option], value=val)
config.delete(base + [option])
### Migration of firewall name and ipv6-name
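Review bot: A configured `config-trap enable` is discarded silently by the new `if option != 'config-trap':` branch, so a site that relied on SNMP traps to learn about firewall configuration changes loses that signal after the upgrade with nothing in the migration output to say so. If the migration framework tolerates output, consider a one-line notice when the node exists, for example `print('firewall config-trap is no longer supported and has been removed')`. Keeping 'config-trap' in the option list only so that it reaches the `config.delete` call is easy to misread, so a comment above the branch such as `# config-trap was dropped in T5460: delete the node without migrating it` would help.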
@@ -182,7 +182,7 @@ if config.exists(base + ['interface']):
config.delete(base + ['interface'])
-### Migration of zones config v2:
+### Migration of zones:
### User interface groups
if config.exists(base + ['zone']):
inp_ipv4_rule = 101
@@ -364,7 +364,7 @@ if config.exists(base + ['zone']):
config.delete(base + ['zone'])
-###### END migration zones v2
+###### END migration zones
try:
with open(file_name, 'w') as f: