summaryrefslogtreecommitdiff
path: root/data/templates
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-06-10 21:28:41 +0200
committerGitHub <noreply@github.com>2022-06-10 21:28:41 +0200
commitfe18efba34c5d95d3052c9e6fda69668bbfe63f3 (patch)
tree10975bc70e44fb839a46813286ecf5d2c11c2973 /data/templates
parent2f4031c810a297c8ef81b0dc79242ef584b48662 (diff)
parent9791258d7d5320d3a8bfa45d43b59fd35e8a2131 (diff)
downloadvyos-1x-fe18efba34c5d95d3052c9e6fda69668bbfe63f3.tar.gz
vyos-1x-fe18efba34c5d95d3052c9e6fda69668bbfe63f3.zip
Merge pull request #1356 from sarthurdev/nested_groups
firewall: T478: Add support for nesting groups
Diffstat (limited to 'data/templates')
-rw-r--r--data/templates/firewall/nftables-defines.j232
1 files changed, 19 insertions, 13 deletions
diff --git a/data/templates/firewall/nftables-defines.j2 b/data/templates/firewall/nftables-defines.j2
index 4fa92f2e3..12146879d 100644
--- a/data/templates/firewall/nftables-defines.j2
+++ b/data/templates/firewall/nftables-defines.j2
@@ -1,32 +1,38 @@
{% if group is vyos_defined %}
{% if group.address_group is vyos_defined %}
-{% for group_name, group_conf in group.address_group.items() %}
-define A_{{ group_name }} = { {{ group_conf.address | join(",") }} }
+{% for group_name, group_conf in group.address_group | sort_nested_groups %}
+{% set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
+define A_{{ group_name }} = { {{ group_conf.address | nft_nested_group(includes, 'A_') | join(",") }} }
{% endfor %}
{% endif %}
{% if group.ipv6_address_group is vyos_defined %}
-{% for group_name, group_conf in group.ipv6_address_group.items() %}
-define A6_{{ group_name }} = { {{ group_conf.address | join(",") }} }
+{% for group_name, group_conf in group.ipv6_address_group | sort_nested_groups %}
+{% set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
+define A6_{{ group_name }} = { {{ group_conf.address | nft_nested_group(includes, 'A6_') | join(",") }} }
{% endfor %}
{% endif %}
{% if group.mac_group is vyos_defined %}
-{% for group_name, group_conf in group.mac_group.items() %}
-define M_{{ group_name }} = { {{ group_conf.mac_address | join(",") }} }
+{% for group_name, group_conf in group.mac_group | sort_nested_groups %}
+{% set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
+define M_{{ group_name }} = { {{ group_conf.mac_address | nft_nested_group(includes, 'M_') | join(",") }} }
{% endfor %}
{% endif %}
{% if group.network_group is vyos_defined %}
-{% for group_name, group_conf in group.network_group.items() %}
-define N_{{ group_name }} = { {{ group_conf.network | join(",") }} }
+{% for group_name, group_conf in group.network_group | sort_nested_groups %}
+{% set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
+define N_{{ group_name }} = { {{ group_conf.network | nft_nested_group(includes, 'N_') | join(",") }} }
{% endfor %}
{% endif %}
{% if group.ipv6_network_group is vyos_defined %}
-{% for group_name, group_conf in group.ipv6_network_group.items() %}
-define N6_{{ group_name }} = { {{ group_conf.network | join(",") }} }
+{% for group_name, group_conf in group.ipv6_network_group | sort_nested_groups %}
+{% set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
+define N6_{{ group_name }} = { {{ group_conf.network | nft_nested_group(includes, 'N6_') | join(",") }} }
{% endfor %}
{% endif %}
{% if group.port_group is vyos_defined %}
-{% for group_name, group_conf in group.port_group.items() %}
-define P_{{ group_name }} = { {{ group_conf.port | join(",") }} }
+{% for group_name, group_conf in group.port_group | sort_nested_groups %}
+{% set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
+define P_{{ group_name }} = { {{ group_conf.port | nft_nested_group(includes, 'P_') | join(",") }} }
{% endfor %}
{% endif %}
-{% endif %} \ No newline at end of file
+{% endif %}