authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2022-01-29 13:18:28 +0100
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2022-01-29 22:56:28 +0100
commited67750b94e8bc779ec0e2cf6d568a3f7292de13 (patch)
tree73450aca20e9706b96d5574c758823d9e9ccb531 /src/conf_mode/firewall.py
parent0a0d4abc02da89f68d453495ec002d2afecfca7b (diff)
firewall: T4218: Adds a prefix to all user defined chains
Diffstat (limited to 'src/conf_mode/firewall.py')
-rwxr-xr-xsrc/conf_mode/firewall.py7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 358b938e3..5b6c57d04 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -54,6 +54,9 @@ sysfs_config = {
'twa_hazards_protection': {'sysfs': '/proc/sys/net/ipv4/tcp_rfc1337'}
}
+NAME_PREFIX = 'NAME_'
+NAME6_PREFIX = 'NAME6_'
+
preserve_chains = [
'INPUT',
'FORWARD',
@@ -281,9 +284,9 @@ def cleanup_commands(firewall):
else:
commands.append(f'flush chain {table} {chain}')
elif chain not in preserve_chains and not chain.startswith("VZONE"):
- if table == 'ip filter' and dict_search_args(firewall, 'name', chain):
+ if table == 'ip filter' and dict_search_args(firewall, 'name', chain.replace(NAME_PREFIX, "", 1)):
commands.append(f'flush chain {table} {chain}')
- elif table == 'ip6 filter' and dict_search_args(firewall, 'ipv6_name', chain):
+ elif table == 'ip6 filter' and dict_search_args(firewall, 'ipv6_name', chain.replace(NAME6_PREFIX, "", 1)):
commands.append(f'flush chain {table} {chain}')
else:
commands += cleanup_rule(table, chain)
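Review bot: In the two changed conditions, `chain.replace(NAME_PREFIX, "", 1)` and `chain.replace(NAME6_PREFIX, "", 1)` strip the first occurrence of the prefix anywhere in the chain name, not only a leading one, and leave a name without the prefix unchanged. A chain such as `FOO_NAME_BAR` (constructed example) would be looked up as `FOO_BAR`, and an un-prefixed chain `foo` would still match a configured rule-set `foo` and be flushed in place instead of going through `cleanup_rule`. If chains created before this change can still be present when this runs, that could leave stale un-prefixed chains in the table that no longer correspond to the configuration. Anchoring the match avoids both cases: `if table == 'ip filter' and chain.startswith(NAME_PREFIX) and dict_search_args(firewall, 'name', chain[len(NAME_PREFIX):]):` and the same with `NAME6_PREFIX` / `'ipv6_name'` for `ip6 filter`. The body of `cleanup_commands` starts and continues outside this hunk, so how legacy chains are handled elsewhere is not visible here.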