zone_policy: T3873: Implement intra-zone-filtering

author: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2021-10-31 21:24:40 +0100
committer: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2021-12-06 21:20:50 +0100
commit: 28b285b4791aece18fe1bbd76f3d555370545006 (patch)
tree: 84012e52eb729927489ea8a49431910e5ec05c2c /python
parent: dcd202aeeb890edf289c57305cb0bf07c87df341 (diff)
download: vyos-1x-28b285b4791aece18fe1bbd76f3d555370545006.tar.gz
vyos-1x-28b285b4791aece18fe1bbd76f3d555370545006.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 55bd04136..e20890e25 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -505,3 +505,18 @@ def nft_state_policy(conf, state):
         out.append(conf['action'])
 
     return " ".join(out)
+
+@register_filter('nft_intra_zone_action')
+def nft_intra_zone_action(zone_conf, ipv6=False):
+    if 'intra_zone_filtering' in zone_conf:
+        intra_zone = zone_conf['intra_zone_filtering']
+        fw_name = 'ipv6_name' if ipv6 else 'name'
+
+        if 'action' in intra_zone:
+            if intra_zone['action'] == 'accept':
+                return 'return'
+            return intra_zone['action']
+        elif dict_search_args(intra_zone, 'firewall', fw_name):
+            name = dict_search_args(intra_zone, 'firewall', fw_name)
+            return f'jump {name}'
+    return 'return'
author	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2021-10-31 21:24:40 +0100
committer	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2021-12-06 21:20:50 +0100
commit	28b285b4791aece18fe1bbd76f3d555370545006 (patch)
tree	84012e52eb729927489ea8a49431910e5ec05c2c /python
parent	dcd202aeeb890edf289c57305cb0bf07c87df341 (diff)
download	vyos-1x-28b285b4791aece18fe1bbd76f3d555370545006.tar.gz vyos-1x-28b285b4791aece18fe1bbd76f3d555370545006.zip