diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-08-11 15:35:19 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-11 15:35:19 +0200 |
| commit | 33273bcc224e82b42fa3db06e9fe2168abdc6205 (patch) | |
| tree | 253fb2c4777940712de9eb71710d78510bb86616 /python | |
| parent | 30506a53fa02bc514f3570af4d870eba9695aa08 (diff) | |
| parent | fc59359c52b4ad4e762ce1330497425652a884da (diff) | |
| download | vyos-1x-33273bcc224e82b42fa3db06e9fe2168abdc6205.tar.gz vyos-1x-33273bcc224e82b42fa3db06e9fe2168abdc6205.zip | |
Merge pull request #3968 from vyos/mergify/bp/circinus/pr-3964
T6643: firewall: fix ip address range parsing on firewall rules. (backport #3964)
Diffstat (limited to 'python')
| -rwxr-xr-x[-rw-r--r--] | python/vyos/firewall.py | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index 664df28cc..8913ba152 100644..100755 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -164,7 +164,19 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name): if address_mask: operator = '!=' if exclude else '==' operator = f'& {address_mask} {operator} ' - output.append(f'{ip_name} {prefix}addr {operator}{suffix}') + + if suffix.find('-') != -1: + # Range + start, end = suffix.split('-') + if is_ipv4(start): + output.append(f'ip {prefix}addr {operator}{suffix}') + else: + output.append(f'ip6 {prefix}addr {operator}{suffix}') + else: + if is_ipv4(suffix): + output.append(f'ip {prefix}addr {operator}{suffix}') + else: + output.append(f'ip6 {prefix}addr {operator}{suffix}') if 'fqdn' in side_conf: fqdn = side_conf['fqdn'] |