Merge pull request #2314 from nicolas-fort/T5616

T5616: firewall and policy: add option to be able to match firewall marks
author: Viacheslav Hletenko <v.gletenko@vyos.io> 2023-09-30 06:55:35 +0300
committer: GitHub <noreply@github.com> 2023-09-30 06:55:35 +0300
commit: 989ff045aa735bc91ae936aca549e101f6f4d9ed (patch)
tree: 7ec6a28dde81e8b050c0b914d67718dea4216d2c /python
parent: b37b0fceb4915fa1e563e34b1e3af1040f461d58 (diff)
parent: 2ae3de0848dee0f3da28727fc30e2beeecd412e1 (diff)
download: vyos-1x-989ff045aa735bc91ae936aca549e101f6f4d9ed.tar.gz
vyos-1x-989ff045aa735bc91ae936aca549e101f6f4d9ed.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 9122e264e..c07ed1adf 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -381,6 +381,14 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
         conn_mark_str = ','.join(rule_conf['connection_mark'])
         output.append(f'ct mark {{{conn_mark_str}}}')
 
+    if 'mark' in rule_conf:
+        mark = rule_conf['mark']
+        operator = ''
+        if mark[0] == '!':
+            operator = '!='
+            mark = mark[1:]
+        output.append(f'meta mark {operator} {{{mark}}}')
+
     if 'vlan' in rule_conf:
         if 'id' in rule_conf['vlan']:
             output.append(f'vlan id {rule_conf["vlan"]["id"]}')
author	Viacheslav Hletenko <v.gletenko@vyos.io>	2023-09-30 06:55:35 +0300
committer	GitHub <noreply@github.com>	2023-09-30 06:55:35 +0300
commit	989ff045aa735bc91ae936aca549e101f6f4d9ed (patch)
tree	7ec6a28dde81e8b050c0b914d67718dea4216d2c /python
parent	b37b0fceb4915fa1e563e34b1e3af1040f461d58 (diff)
parent	2ae3de0848dee0f3da28727fc30e2beeecd412e1 (diff)
download	vyos-1x-989ff045aa735bc91ae936aca549e101f6f4d9ed.tar.gz vyos-1x-989ff045aa735bc91ae936aca549e101f6f4d9ed.zip