diff options
| author | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-06-10 17:41:11 +0000 |
|---|---|---|
| committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-06-10 18:03:28 +0000 |
| commit | 81a269d2d7ac669b6de2e46f9a331525b930b589 (patch) | |
| tree | a41a8f6375084777bf8ab0cd796063779e38bef0 /python | |
| parent | fcad9572e880ab5dd71636e0aa4842dc8997bc44 (diff) | |
| download | vyos-1x-81a269d2d7ac669b6de2e46f9a331525b930b589.tar.gz vyos-1x-81a269d2d7ac669b6de2e46f9a331525b930b589.zip | |
Firewall:T4458: Add ttl match option in firewall
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/firewall.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index 31fe8b5e3..355ec44b0 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -231,6 +231,13 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name): value = rule_conf['hop_limit'][op] output.append(f'ip6 hoplimit {operator} {value}') + if 'ttl' in rule_conf: + operators = {'eq': '==', 'gt': '>', 'lt': '<'} + for op, operator in operators.items(): + if op in rule_conf['ttl']: + value = rule_conf['ttl'][op] + output.append(f'ip ttl {operator} {value}') + for icmp in ['icmp', 'icmpv6']: if icmp in rule_conf: if 'type_name' in rule_conf[icmp]: |