summaryrefslogtreecommitdiff
path: root/python
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2024-06-06 17:19:01 +0200
committerGitHub <noreply@github.com>2024-06-06 17:19:01 +0200
commit85da43aa26470e0657ba68437a297ed11045d132 (patch)
treee094a3c15cb0556bd8579745ae75fd093c1d7aa8 /python
parent1c57ed83b7838f4153f5b655c6a2b47bc12547ba (diff)
parent770edf016838523c248e3c8a36c5f327a0b98415 (diff)
downloadvyos-1x-85da43aa26470e0657ba68437a297ed11045d132.tar.gz
vyos-1x-85da43aa26470e0657ba68437a297ed11045d132.zip
Merge pull request #3578 from nicolas-fort/raw-hook
T3900: Add support for raw tables in firewall
Diffstat (limited to 'python')
-rw-r--r--python/vyos/firewall.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index d7b7b80a8..664df28cc 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -178,6 +178,8 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
hook_name = 'input'
if hook == 'OUT':
hook_name = 'output'
+ if hook == 'PRE':
+ hook_name = 'prerouting'
if hook == 'NAM':
hook_name = f'name{def_suffix}'
output.append(f'{ip_name} {prefix}addr {operator} @FQDN_{hook_name}_{fw_name}_{rule_id}_{prefix}')
@@ -193,6 +195,8 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
hook_name = 'input'
if hook == 'OUT':
hook_name = 'output'
+ if hook == 'PRE':
+ hook_name = 'prerouting'
if hook == 'NAM':
hook_name = f'name'
output.append(f'{ip_name} {prefix}addr {operator} @GEOIP_CC{def_suffix}_{hook_name}_{fw_name}_{rule_id}')
@@ -477,8 +481,6 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
output.append(f'tcp option maxseg size set {mss}')
if 'action' in rule_conf:
- # Change action=return to action=action
- # #output.append(nft_action(rule_conf['action']))
if rule_conf['action'] == 'offload':
offload_target = rule_conf['offload_target']
output.append(f'flow add @VYOS_FLOWTABLE_{offload_target}')