Merge pull request #2756 from nicolas-fort/T4839

T4839: firewall: Add dynamic address group in firewall configuration

1 files changed, 21 insertions, 0 deletions

diff --git a/data/templates/firewall/nftables-defines.j2 b/data/templates/firewall/nftables-defines.j2
index a20c399ae..8a75ab2d6 100644
--- a/data/templates/firewall/nftables-defines.j2
+++ b/data/templates/firewall/nftables-defines.j2
@@ -98,5 +98,26 @@
     }
 {%         endfor %}
 {%     endif %}
+
+{%     if group.dynamic_group is vyos_defined %}
+{%         if group.dynamic_group.address_group is vyos_defined and not is_ipv6 and is_l3 %}
+{%             for group_name, group_conf in group.dynamic_group.address_group.items() %}
+    set DA_{{ group_name }} {
+        type {{ ip_type }}
+        flags dynamic, timeout
+    }
+{%             endfor %}
+{%         endif %}
+
+{%         if group.dynamic_group.ipv6_address_group is vyos_defined and is_ipv6 and is_l3 %}
+{%             for group_name, group_conf in group.dynamic_group.ipv6_address_group.items() %}
+    set DA6_{{ group_name }} {
+        type {{ ip_type }}
+        flags dynamic, timeout
+    }
+{%             endfor %}
+{%         endif %}
+{%     endif %}
+
 {% endif %}
 {% endmacro %}