| author | Christian Poessinger <christian.poessinger@rohde-schwarz.com> | 2022-01-04 05:11:52 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-04 05:11:52 +0100 | 
| commit | 993b87458456bc6fcbe5aa7fbc7c0c31580032ce (patch) | |
| tree | c9ee8b805606ea2b57d7cb6ce13d884d91df2799 /python | |
| parent | 5a73c946000902f6e445b0803ca090f7fc6e0954 (diff) | |
| parent | 9213d9cc7bcd731baaf606fcdc956764482f45e9 (diff) | |
Merge pull request #1130 from sarthurdev/firewall
firewall: T4130: Fix firewall state-policy errors
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/template.py | 8 | 
1 files changed, 6 insertions, 2 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 2987fcd0e..7671bf377 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -517,7 +517,7 @@ def nft_rule(rule_conf, fw_name, rule_id, ip_name='ip'):
     return parse_rule(rule_conf, fw_name, rule_id, ip_name)
 @register_filter('nft_state_policy')
-def nft_state_policy(conf, state):
+def nft_state_policy(conf, state, ipv6=False):
     out = [f'ct state {state}']
     if 'log' in conf and 'enable' in conf['log']:
@@ -526,7 +526,11 @@ def nft_state_policy(conf, state):
     out.append('counter')
     if 'action' in conf:
-        out.append(conf['action'])
+        if conf['action'] == 'accept':
+            jump_target = 'VYOS_POST_FW6' if ipv6 else 'VYOS_POST_FW'
+            out.append(f'jump {jump_target}')
+        else:
+            out.append(conf['action'])
     return " ".join(out)
|
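Review bot: The new `ipv6=False` default on `nft_state_policy` means a template call that omits the argument silently gets the IPv4 jump target, so an IPv6 ruleset rendered without it would emit `jump VYOS_POST_FW`. The template callers are not part of this diff (the diffstat is limited to `python`), so whether every IPv6 caller passes the flag needs to be confirmed there. `nft_rule` in the hunk header selects the family with `ip_name='ip'`; following the same convention, or making the family a required argument, would keep the two filters consistent and turn a forgotten argument into an error instead of a wrong chain name. The function also has no docstring; add one such as `"""Render the state-policy rule for one conntrack state; pass ipv6=True when rendering the IPv6 ruleset."""`. The function body continues outside this hunk.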
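Review bot: In the `if 'action' in conf:` branch, `accept` is no longer emitted as a terminal verdict but as `jump VYOS_POST_FW` / `jump VYOS_POST_FW6`, so the fate of packets matching the state policy now depends on a chain defined outside this file, and nothing in the code says why. Add a comment above the new `if`, for example `# 'accept' is rendered as a jump to the post-firewall chain rather than a terminal accept; see T4130`, with the exact rationale confirmed against that chain's definition. The `else` branch still copies `conf['action']` into the rule text verbatim, which presumably relies on the config schema restricting it to known verdicts. If that guarantee is not enforced upstream, a membership check such as `if conf['action'] not in ('drop', 'reject'): raise ValueError(...)` would keep unexpected text out of the generated ruleset; take the permitted values from the schema, since the two named here are only examples.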
