diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-09-08 17:36:17 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-09-08 17:36:17 +0200 |
| commit | a12559a728310f0e3bf6dc18f7bd2a0ba444b890 (patch) | |
| tree | 88d443e9961763c5ee0f922e9f68433d24f76e1e /data/templates/firewall/nftables-defines.j2 | |
| parent | 28ccebeac2ee4390d7c109a8a2da6b24769ab113 (diff) | |
| parent | 1772c0a7232789e6eeb0caa78fe630fab899522d (diff) | |
| download | vyos-1x-a12559a728310f0e3bf6dc18f7bd2a0ba444b890.tar.gz vyos-1x-a12559a728310f0e3bf6dc18f7bd2a0ba444b890.zip | |
Merge pull request #2222 from nicolas-fort/T4072-fwall-bridge
T4072: add firewall bridge filtering.
Diffstat (limited to 'data/templates/firewall/nftables-defines.j2')
| -rw-r--r-- | data/templates/firewall/nftables-defines.j2 | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/data/templates/firewall/nftables-defines.j2 b/data/templates/firewall/nftables-defines.j2 index 0a7e79edd..a20c399ae 100644 --- a/data/templates/firewall/nftables-defines.j2 +++ b/data/templates/firewall/nftables-defines.j2 @@ -1,7 +1,7 @@ -{% macro groups(group, is_ipv6) %} +{% macro groups(group, is_ipv6, is_l3) %} {% if group is vyos_defined %} {% set ip_type = 'ipv6_addr' if is_ipv6 else 'ipv4_addr' %} -{% if group.address_group is vyos_defined and not is_ipv6 %} +{% if group.address_group is vyos_defined and not is_ipv6 and is_l3 %} {% for group_name, group_conf in group.address_group.items() %} {% set includes = group_conf.include if group_conf.include is vyos_defined else [] %} set A_{{ group_name }} { @@ -14,7 +14,7 @@ } {% endfor %} {% endif %} -{% if group.ipv6_address_group is vyos_defined and is_ipv6 %} +{% if group.ipv6_address_group is vyos_defined and is_ipv6 and is_l3 %} {% for group_name, group_conf in group.ipv6_address_group.items() %} {% set includes = group_conf.include if group_conf.include is vyos_defined else [] %} set A6_{{ group_name }} { @@ -27,7 +27,7 @@ } {% endfor %} {% endif %} -{% if group.domain_group is vyos_defined %} +{% if group.domain_group is vyos_defined and is_l3 %} {% for name, name_config in group.domain_group.items() %} set D_{{ name }} { type {{ ip_type }} @@ -46,7 +46,7 @@ } {% endfor %} {% endif %} -{% if group.network_group is vyos_defined and not is_ipv6 %} +{% if group.network_group is vyos_defined and not is_ipv6 and is_l3 %} {% for group_name, group_conf in group.network_group.items() %} {% set includes = group_conf.include if group_conf.include is vyos_defined else [] %} set N_{{ group_name }} { @@ -59,7 +59,7 @@ } {% endfor %} {% endif %} -{% if group.ipv6_network_group is vyos_defined and is_ipv6 %} +{% if group.ipv6_network_group is vyos_defined and is_ipv6 and is_l3 %} {% for group_name, group_conf in group.ipv6_network_group.items() %} {% set includes = group_conf.include if group_conf.include is vyos_defined else [] %} set N6_{{ group_name }} { @@ -72,7 +72,7 @@ } {% endfor %} {% endif %} -{% if group.port_group is vyos_defined %} +{% if group.port_group is vyos_defined and is_l3 %} {% for group_name, group_conf in group.port_group.items() %} {% set includes = group_conf.include if group_conf.include is vyos_defined else [] %} set P_{{ group_name }} { |