summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-01-31 19:26:37 +0100
committerGitHub <noreply@github.com>2022-01-31 19:26:37 +0100
commit36e54482a242e785c7a052035549bb45a117ea9a (patch)
tree3d947addcb9ea4c375e2771eed68e393e9295cbe /data
parent3aa1ec3f03a95ad41d3476b92b8b31a68b516b14 (diff)
parentff2cc45f8ba6d7ad1bc75ef384643692a54f31cc (diff)
downloadvyos-1x-36e54482a242e785c7a052035549bb45a117ea9a.tar.gz
vyos-1x-36e54482a242e785c7a052035549bb45a117ea9a.zip
Merge pull request #1199 from sarthurdev/T4218
firewall: T4218: T4216: Add prefix to user defined chains, support negated groups, fixes
Diffstat (limited to 'data')
-rw-r--r--data/templates/firewall/nftables.tmpl4
-rw-r--r--data/templates/zone_policy/nftables.tmpl12
2 files changed, 8 insertions, 8 deletions
diff --git a/data/templates/firewall/nftables.tmpl b/data/templates/firewall/nftables.tmpl
index 33c821e84..468a5a32f 100644
--- a/data/templates/firewall/nftables.tmpl
+++ b/data/templates/firewall/nftables.tmpl
@@ -32,7 +32,7 @@ table ip filter {
{% endif %}
{% if name is defined %}
{% for name_text, conf in name.items() %}
- chain {{ name_text }} {
+ chain NAME_{{ name_text }} {
{% if conf.rule is defined %}
{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not defined %}
{{ rule_conf | nft_rule(name_text, rule_id) }}
@@ -82,7 +82,7 @@ table ip6 filter {
{% endif %}
{% if ipv6_name is defined %}
{% for name_text, conf in ipv6_name.items() %}
- chain {{ name_text }} {
+ chain NAME6_{{ name_text }} {
{% if conf.rule is defined %}
{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not defined %}
{{ rule_conf | nft_rule(name_text, rule_id, 'ip6') }}
diff --git a/data/templates/zone_policy/nftables.tmpl b/data/templates/zone_policy/nftables.tmpl
index e59208a0d..093da6bd8 100644
--- a/data/templates/zone_policy/nftables.tmpl
+++ b/data/templates/zone_policy/nftables.tmpl
@@ -13,7 +13,7 @@ table ip filter {
chain VZONE_{{ zone_name }}_IN {
iifname lo counter return
{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is defined %}
- iifname { {{ zone[from_zone].interface | join(",") }} } counter jump {{ from_conf.firewall.name }}
+ iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }}
@@ -21,7 +21,7 @@ table ip filter {
chain VZONE_{{ zone_name }}_OUT {
oifname lo counter return
{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.name is defined %}
- oifname { {{ zone[from_zone].interface | join(",") }} } counter jump {{ from_conf.firewall.name }}
+ oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }}
oifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }}
@@ -34,7 +34,7 @@ table ip filter {
{% endif %}
{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is defined %}
{% if zone[from_zone].local_zone is not defined %}
- iifname { {{ zone[from_zone].interface | join(",") }} } counter jump {{ from_conf.firewall.name }}
+ iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endif %}
{% endfor %}
@@ -50,7 +50,7 @@ table ip6 filter {
chain VZONE6_{{ zone_name }}_IN {
iifname lo counter return
{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is defined %}
- iifname { {{ zone[from_zone].interface | join(",") }} } counter jump {{ from_conf.firewall.ipv6_name }}
+ iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }}
@@ -58,7 +58,7 @@ table ip6 filter {
chain VZONE6_{{ zone_name }}_OUT {
oifname lo counter return
{% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.ipv6_name is defined %}
- oifname { {{ zone[from_zone].interface | join(",") }} } counter jump {{ from_conf.firewall.ipv6_name }}
+ oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }}
oifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }}
@@ -71,7 +71,7 @@ table ip6 filter {
{% endif %}
{% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is defined %}
{% if zone[from_zone].local_zone is not defined %}
- iifname { {{ zone[from_zone].interface | join(",") }} } counter jump {{ from_conf.firewall.ipv6_name }}
+ iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endif %}
{% endfor %}