| author | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-09-07 14:16:49 +0000 | 
|---|---|---|
| committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-09-07 14:16:49 +0000 | 
| commit | 1eb71e8e80a30c559932690470791cdf10ac5c76 (patch) | |
| tree | 8e7cae59241bf57575bff671546b591f03652ffd /python | |
| parent | bdd7f6be4afae6dd8ccefede5de809f9bb73ee1d (diff) | |
| download | vyos-1x-1eb71e8e80a30c559932690470791cdf10ac5c76.tar.gz vyos-1x-1eb71e8e80a30c559932690470791cdf10ac5c76.zip | |
T1024: Firewall and Policy route: add option to match dscp value, both on firewall and in policy route
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/firewall.py | 7 | 
1 files changed, 7 insertions, 0 deletions
|
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 0bc5378db..2fbaef0e9 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -274,6 +274,13 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
         negated_lengths_str = ','.join(rule_conf['packet_length_exclude'])
         output.append(f'ip{def_suffix} length != {{{negated_lengths_str}}}')
+    if 'dscp' in rule_conf:
+        dscp_str = ','.join(rule_conf['dscp'])
+        output.append(f'ip{def_suffix} dscp {{{dscp_str}}}')
+
+    if 'dscp_exclude' in rule_conf:
+        negated_dscp_str = ','.join(rule_conf['dscp_exclude'])
+        output.append(f'ip{def_suffix} dscp != {{{negated_dscp_str}}}')
     if 'ipsec' in rule_conf:
         if 'match_ipsec' in rule_conf['ipsec']:
|
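Review bot: The entries of `rule_conf['dscp']` and `rule_conf['dscp_exclude']` are joined and interpolated into the nftables rule text with no check in this hunk, so the generated rule is only as safe as whatever validation happens upstream (presumably the CLI definition, which is not visible here). A guard before each join, for example `if not all(re.fullmatch(r'\d{1,2}(-\d{1,2})?', v) for v in rule_conf['dscp']): raise ValueError('invalid dscp value')`, would stop a malformed entry from yielding a rule that fails to load or matches something other than intended; this assumes `re` is available in the module and that values are plain numbers or ranges. A one-line comment such as `# DSCP values/ranges (0-63); format is enforced by the CLI validator` above the first block would record where the constraint lives. parse_rule starts and ends outside the hunk, so earlier normalisation of these keys cannot be ruled out.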
