diff options
| author | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-11-16 15:37:56 +0000 |
|---|---|---|
| committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-11-16 21:14:55 +0000 |
| commit | 2dc2df575bc4de60759a272f5e6880326501a7ef (patch) | |
| tree | bddfd01ad32d64a00af56ee1b77799ee38494ec1 /data/templates/firewall/nftables.j2 | |
| parent | c1754c4c0610824d54d03b5408ade26112bd643f (diff) | |
| download | vyos-1x-2dc2df575bc4de60759a272f5e6880326501a7ef.tar.gz vyos-1x-2dc2df575bc4de60759a272f5e6880326501a7ef.zip | |
T4072: firewall: backport bridge firewall to sagitta
Diffstat (limited to 'data/templates/firewall/nftables.j2')
| -rw-r--r-- | data/templates/firewall/nftables.j2 | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2 index 6257b576a..9fcacf677 100644 --- a/data/templates/firewall/nftables.j2 +++ b/data/templates/firewall/nftables.j2 @@ -1,6 +1,7 @@ #!/usr/sbin/nft -f {% import 'firewall/nftables-defines.j2' as group_tmpl %} +{% import 'firewall/nftables-bridge.j2' as bridge_tmpl %} {% import 'firewall/nftables-zone.j2' as zone_tmpl %} flush chain raw FW_CONNTRACK @@ -147,7 +148,7 @@ table ip vyos_filter { {% endfor %} {% endif %} {% endif %} -{{ group_tmpl.groups(group, False) }} +{{ group_tmpl.groups(group, False, True) }} {% if zone is vyos_defined %} {{ zone_tmpl.zone_chains(zone, False) }} @@ -254,10 +255,20 @@ table ip6 vyos_filter { {% endfor %} {% endif %} {% endif %} -{{ group_tmpl.groups(group, True) }} +{{ group_tmpl.groups(group, True, True) }} {% if zone is vyos_defined %} {{ zone_tmpl.zone_chains(zone, True) }} {% endif %} +} + +## Bridge Firewall +{% if first_install is not vyos_defined %} +delete table bridge vyos_filter +{% endif %} +table bridge vyos_filter { +{{ bridge_tmpl.bridge(bridge) }} +{{ group_tmpl.groups(group, False, False) }} + }
\ No newline at end of file |