| author | Christian Poessinger <christian@poessinger.com> | 2022-02-05 19:57:51 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-05 19:57:51 +0100 | 
| commit | 9077c834b3dea1e984e3153a245e4ac715f0bcb2 (patch) | |
| tree | 10a815acb24511ec700e802c2e3ec0fc7ea6a844 /src/conf_mode/firewall.py | |
| parent | 568c33e3773ca946470005c105446f40700f6844 (diff) | |
| parent | 22f0794a9f195e69e277d48f031fe934febe9408 (diff) | |
Merge pull request #1206 from sarthurdev/T4209
firewall: T4209: Fix support for rule `recent` matches
Diffstat (limited to 'src/conf_mode/firewall.py')
| -rwxr-xr-x | src/conf_mode/firewall.py | 6 | 
1 files changed, 5 insertions, 1 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 9dec2143e..41df1b84a 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -278,6 +278,7 @@ def cleanup_rule(table, jump_chain):
 def cleanup_commands(firewall):
     commands = []
+    commands_end = []
     for table in ['ip filter', 'ip6 filter']:
         state_chain = 'VYOS_STATE_POLICY' if table == 'ip filter' else 'VYOS_STATE_POLICY6'
         json_str = cmd(f'nft -j list table {table}')
@@ -308,7 +309,10 @@ def cleanup_commands(firewall):
                             chain = rule['chain']
                             handle = rule['handle']
                             commands.append(f'delete rule {table} {chain} handle {handle}')
-    return commands
+            elif 'set' in item:
+                set_name = item['set']['name']
+                commands_end.append(f'delete set {table} {set_name}')
+    return commands + commands_end
 def generate(firewall):
     if not os.path.exists(nftables_conf):  |
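Review bot: The new `elif 'set' in item` branch in the second hunk queues a `delete set` for every set that `nft -j list table` reports in `ip filter` / `ip6 filter`, with no check on the set name, so any set another component keeps in those tables is removed too and the contents of dynamic sets are dropped on every run. If the sets behind `recent` matches hold the per-source hit history (inferred from the commit title; the rule generator is not part of this diff), each firewall commit would reset that rate-limit state, which is worth documenting or avoiding by deleting only sets the new configuration no longer defines. The ordering also deserves a comment above `return commands + commands_end`, for example `# set deletes go last: nft rejects deleting a set that a rule still references`, so the reason for the second list is not lost. `cleanup_commands` starts in the first hunk and its middle lies outside both hunks, so the `if` this `elif` pairs with is not visible here.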
