firewall: T4178: Use lowercase for TCP flags and add an validator

author: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2022-01-13 12:58:37 +0100
committer: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2022-01-14 14:04:39 +0100
commit: df5a862beb84145dfc8434efde7d7fee783199cf (patch)
tree: 5a6f09bc9c035a5c4dacc5714536af3340a0059d /python
parent: a132ba993e786994a3b129c72fb0024931339619 (diff)
download: vyos-1x-df5a862beb84145dfc8434efde7d7fee783199cf.tar.gz
vyos-1x-df5a862beb84145dfc8434efde7d7fee783199cf.zip
1 files changed, 3 insertions, 4 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 66dc8bc40..acde9f913 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -171,7 +171,6 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
     if tcp_flags:
         output.append(parse_tcp_flags(tcp_flags))
 
-
     output.append('counter')
 
     if 'set' in rule_conf:
@@ -190,10 +189,10 @@ def parse_tcp_flags(flags):
     include = []
     for flag in flags.split(","):
         if flag[0] == '!':
-            flag = flag[1:]
+            flag = flag[1:].lower()
         else:
-            include.append(flag)
-        all_flags.append(flag)
+            include.append(flag.lower())
+        all_flags.append(flag.lower())
     return f'tcp flags & ({"|".join(all_flags)}) == {"|".join(include)}'
 
 def parse_time(time):
author	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2022-01-13 12:58:37 +0100
committer	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2022-01-14 14:04:39 +0100
commit	df5a862beb84145dfc8434efde7d7fee783199cf (patch)
tree	5a6f09bc9c035a5c4dacc5714536af3340a0059d /python
parent	a132ba993e786994a3b129c72fb0024931339619 (diff)
download	vyos-1x-df5a862beb84145dfc8434efde7d7fee783199cf.tar.gz vyos-1x-df5a862beb84145dfc8434efde7d7fee783199cf.zip