diff options
author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-10-31 14:26:51 +0100 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-11-03 21:09:28 +0100 |
commit | 051e063fdf2e459a0716a35778b33ea6bb2fdcb6 (patch) | |
tree | dd7c4fc17366774ac7026520cff03da09d85a185 /data/templates | |
parent | 3f91033927d80748b70e1ef58b2941643d1aca33 (diff) | |
download | vyos-1x-051e063fdf2e459a0716a35778b33ea6bb2fdcb6.tar.gz vyos-1x-051e063fdf2e459a0716a35778b33ea6bb2fdcb6.zip |
firewall: T970: Refactor domain resolver, add firewall source/destination `fqdn` node
Diffstat (limited to 'data/templates')
-rw-r--r-- | data/templates/firewall/nftables-defines.j2 | 8 | ||||
-rw-r--r-- | data/templates/firewall/nftables.j2 | 14 |
2 files changed, 17 insertions, 5 deletions
diff --git a/data/templates/firewall/nftables-defines.j2 b/data/templates/firewall/nftables-defines.j2 index 5336f7ee6..dd06dee28 100644 --- a/data/templates/firewall/nftables-defines.j2 +++ b/data/templates/firewall/nftables-defines.j2 @@ -27,6 +27,14 @@ } {% endfor %} {% endif %} +{% if group.domain_group is vyos_defined %} +{% for name, name_config in group.domain_group.items() %} + set D_{{ name }} { + type {{ ip_type }} + flags interval + } +{% endfor %} +{% endif %} {% if group.mac_group is vyos_defined %} {% for group_name, group_conf in group.mac_group.items() %} {% set includes = group_conf.include if group_conf.include is vyos_defined else [] %} diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2 index a0f0b8c11..2c7115134 100644 --- a/data/templates/firewall/nftables.j2 +++ b/data/templates/firewall/nftables.j2 @@ -67,14 +67,12 @@ table ip vyos_filter { {{ conf | nft_default_rule(name_text) }} } {% endfor %} -{% if group is vyos_defined and group.domain_group is vyos_defined %} -{% for name, name_config in group.domain_group.items() %} - set D_{{ name }} { +{% for set_name in ip_fqdn %} + set FQDN_{{ set_name }} { type ipv4_addr flags interval } -{% endfor %} -{% endif %} +{% endfor %} {% for set_name in ns.sets %} set RECENT_{{ set_name }} { type ipv4_addr @@ -178,6 +176,12 @@ table ip6 vyos_filter { {{ conf | nft_default_rule(name_text, ipv6=True) }} } {% endfor %} +{% for set_name in ip6_fqdn %} + set FQDN_{{ set_name }} { + type ipv6_addr + flags interval + } +{% endfor %} {% for set_name in ns.sets %} set RECENT6_{{ set_name }} { type ipv6_addr |