Merge pull request #1626 from nicolas-fort/fwall_group_interface

T4780: Firewall: add firewall groups in firewall. Extend matching cri…

1 files changed, 13 insertions, 0 deletions

diff --git a/data/templates/firewall/nftables-defines.j2 b/data/templates/firewall/nftables-defines.j2
index dd06dee28..0a7e79edd 100644
--- a/data/templates/firewall/nftables-defines.j2
+++ b/data/templates/firewall/nftables-defines.j2
@@ -85,5 +85,18 @@
     }
 {%         endfor %}
 {%     endif %}
+{%     if group.interface_group is vyos_defined %}
+{%         for group_name, group_conf in group.interface_group.items() %}
+{%             set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
+    set I_{{ group_name }} {
+        type ifname
+        flags interval
+        auto-merge
+{%             if group_conf.interface is vyos_defined or includes %}
+        elements = { {{ group_conf.interface | nft_nested_group(includes, group.interface_group, 'interface') | join(",") }} }
+{%             endif %}
+    }
+{%         endfor %}
+{%     endif %}
 {% endif %}
 {% endmacro %}