T7414: Fix conntrack ignore rules for using several ports

If we use several port for the `conntrack ignore` there have to be used curly braces for nftables Incorrect format: dport 500,4500 Correct format: dport { 500, 4500 }
author: Viacheslav Hletenko <v.gletenko@vyos.io> 2025-05-16 10:17:21 +0000
committer: Viacheslav Hletenko <v.gletenko@vyos.io> 2025-05-16 12:47:22 +0000
commit: ea6eff90407043e1d64a0cd5424ec6e44b04b1d4 (patch)
tree: 9d51f6035b2064b069a3af612ef8b0ec7f8f839f /python
parent: 1268ebb05e909027ecf1b9b4af4a6282d944efa7 (diff)
download: vyos-1x-ea6eff90407043e1d64a0cd5424ec6e44b04b1d4.tar.gz
vyos-1x-ea6eff90407043e1d64a0cd5424ec6e44b04b1d4.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 11e1cc50f..aa215db95 100755
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -728,7 +728,7 @@ def conntrack_rule(rule_conf, rule_id, action, ipv6=False):
                 if port[0] == '!':
                     operator = '!='
                     port = port[1:]
-                output.append(f'th {prefix}port {operator} {port}')
+                output.append(f'th {prefix}port {operator} {{ {port} }}')
 
             if 'group' in side_conf:
                 group = side_conf['group']
author	Viacheslav Hletenko <v.gletenko@vyos.io>	2025-05-16 10:17:21 +0000
committer	Viacheslav Hletenko <v.gletenko@vyos.io>	2025-05-16 12:47:22 +0000
commit	ea6eff90407043e1d64a0cd5424ec6e44b04b1d4 (patch)
tree	9d51f6035b2064b069a3af612ef8b0ec7f8f839f /python
parent	1268ebb05e909027ecf1b9b4af4a6282d944efa7 (diff)
download	vyos-1x-ea6eff90407043e1d64a0cd5424ec6e44b04b1d4.tar.gz vyos-1x-ea6eff90407043e1d64a0cd5424ec6e44b04b1d4.zip