author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-08-01 00:13:47 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-12-06 21:20:49 +0100 |
commit | f86041de88c3b0e0ce9ecc6d2cbc309bc8cb28e2 (patch) | |
tree | 99632f4cb67bfa8435288249e9142439b869fd19 /python | |
parent | 3ebb08893b4bbd016bd0eb04374be5f691ad4abb (diff) | |
download | vyos-1x-f86041de88c3b0e0ce9ecc6d2cbc309bc8cb28e2.tar.gz vyos-1x-f86041de88c3b0e0ce9ecc6d2cbc309bc8cb28e2.zip |
policy: T2199: Migrate policy route to XML/Python
Diffstat (limited to 'python')
-rw-r--r-- | python/vyos/firewall.py | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index 9b8af7852..8b7402b7e 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -150,8 +150,12 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name): if tcp_flags: output.append(parse_tcp_flags(tcp_flags)) + output.append('counter') + if 'set' in rule_conf: + output.append(parse_policy_set(rule_conf['set'], def_suffix)) + if 'action' in rule_conf: output.append(nft_action(rule_conf['action'])) else: @@ -192,3 +196,22 @@ def parse_time(time): out_days = [f'"{day}"' for day in days if day[0] != '!'] out.append(f'day {{{",".join(out_days)}}}') return " ".join(out) + +def parse_policy_set(set_conf, def_suffix): + out = [] + if 'dscp' in set_conf: + dscp = set_conf['dscp'] + out.append(f'ip{def_suffix} dscp set {dscp}') + if 'mark' in set_conf: + mark = set_conf['mark'] + out.append(f'meta mark set {mark}') + if 'table' in set_conf: + table = set_conf['table'] + if table == 'main': + table = '254' + mark = 0x7FFFFFFF - int(set_conf['table']) + out.append(f'meta mark set {mark}') + if 'tcp_mss' in set_conf: + mss = set_conf['tcp_mss'] + out.append(f'tcp option maxseg size set {mss}') + return " ".join(out) |
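Review bot: The new `output.append(parse_policy_set(rule_conf['set'], def_suffix))` in parse_rule appends whatever the helper returns, and the helper returns an empty string when the `set` node carries none of `dscp`, `mark`, `table` or `tcp_mss`, so an empty element can land in `output`. Binding the result first and appending only when it is non-empty, `set_stmt = parse_policy_set(rule_conf['set'], def_suffix)` followed by `if set_stmt: output.append(set_stmt)`, keeps stray whitespace out of the generated rule text. `def_suffix` is neither a parameter of parse_rule nor assigned inside the hunk, so it is presumably set earlier in the function; parse_rule starts and ends outside this hunk.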
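Review bot: In the `table` branch of parse_policy_set the mark is computed from `set_conf['table']` rather than from the local `table` that was just normalised, so a value of `main` reaches `int('main')` and raises ValueError instead of mapping to 254; the line should read `mark = 0x7FFFFFFF - int(table)`. The `mark` and `table` branches both emit `meta mark set`, so a rule configured with both gets two competing statements, which deserves either a check or a comment stating which one is meant to win. The dscp, mark and tcp_mss values are interpolated verbatim into nftables rule text, which is safe only if the configuration schema restricts them to numeric values; that validation is not visible here, so the function should carry a docstring stating the assumption, for example `"""Build the nft 'set' statements for a policy route rule; values are assumed to be schema-validated."""`.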