diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-09-08 07:25:44 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-09-08 07:25:44 +0200 |
| commit | 627cfc6d6733998a721ac97f9f5bc44c4c2c6797 (patch) | |
| tree | 8e7cae59241bf57575bff671546b591f03652ffd /python | |
| parent | bdd7f6be4afae6dd8ccefede5de809f9bb73ee1d (diff) | |
| parent | 1eb71e8e80a30c559932690470791cdf10ac5c76 (diff) | |
| download | vyos-1x-627cfc6d6733998a721ac97f9f5bc44c4c2c6797.tar.gz vyos-1x-627cfc6d6733998a721ac97f9f5bc44c4c2c6797.zip | |
Merge pull request #1525 from nicolas-fort/T1024
T1024: Firewall and Policy route: add option to match dscp value
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/firewall.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index 0bc5378db..2fbaef0e9 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -274,6 +274,13 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name): negated_lengths_str = ','.join(rule_conf['packet_length_exclude']) output.append(f'ip{def_suffix} length != {{{negated_lengths_str}}}') + if 'dscp' in rule_conf: + dscp_str = ','.join(rule_conf['dscp']) + output.append(f'ip{def_suffix} dscp {{{dscp_str}}}') + + if 'dscp_exclude' in rule_conf: + negated_dscp_str = ','.join(rule_conf['dscp_exclude']) + output.append(f'ip{def_suffix} dscp != {{{negated_dscp_str}}}') if 'ipsec' in rule_conf: if 'match_ipsec' in rule_conf['ipsec']: |