diff options
author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-01-29 13:18:28 +0100 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-01-29 22:56:28 +0100 |
commit | ed67750b94e8bc779ec0e2cf6d568a3f7292de13 (patch) | |
tree | 73450aca20e9706b96d5574c758823d9e9ccb531 /src/conf_mode/firewall.py | |
parent | 0a0d4abc02da89f68d453495ec002d2afecfca7b (diff) | |
download | vyos-1x-ed67750b94e8bc779ec0e2cf6d568a3f7292de13.tar.gz vyos-1x-ed67750b94e8bc779ec0e2cf6d568a3f7292de13.zip |
firewall: T4218: Adds a prefix to all user defined chains
Diffstat (limited to 'src/conf_mode/firewall.py')
-rwxr-xr-x | src/conf_mode/firewall.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py index 358b938e3..5b6c57d04 100755 --- a/src/conf_mode/firewall.py +++ b/src/conf_mode/firewall.py @@ -54,6 +54,9 @@ sysfs_config = { 'twa_hazards_protection': {'sysfs': '/proc/sys/net/ipv4/tcp_rfc1337'} } +NAME_PREFIX = 'NAME_' +NAME6_PREFIX = 'NAME6_' + preserve_chains = [ 'INPUT', 'FORWARD', @@ -281,9 +284,9 @@ def cleanup_commands(firewall): else: commands.append(f'flush chain {table} {chain}') elif chain not in preserve_chains and not chain.startswith("VZONE"): - if table == 'ip filter' and dict_search_args(firewall, 'name', chain): + if table == 'ip filter' and dict_search_args(firewall, 'name', chain.replace(NAME_PREFIX, "", 1)): commands.append(f'flush chain {table} {chain}') - elif table == 'ip6 filter' and dict_search_args(firewall, 'ipv6_name', chain): + elif table == 'ip6 filter' and dict_search_args(firewall, 'ipv6_name', chain.replace(NAME6_PREFIX, "", 1)): commands.append(f'flush chain {table} {chain}') else: commands += cleanup_rule(table, chain) |