author | Christian Poessinger <christian@poessinger.com> | 2022-01-14 20:30:56 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-14 20:30:56 +0100 |
commit | 9aa8e51de06bda0099231f2567dbb83e430faee4 (patch) | |
tree | 1eecd3caba390e300450af400bffee90ed137887 /src/conf_mode/firewall.py | |
parent | 97472739b4432cdbf8f73275ab00876add071692 (diff) | |
parent | df5a862beb84145dfc8434efde7d7fee783199cf (diff) | |
Merge pull request #1167 from sarthurdev/firewall
firewall: T4178: Use lowercase for TCP flags and add a validator
Diffstat (limited to 'src/conf_mode/firewall.py')
-rwxr-xr-x | src/conf_mode/firewall.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 7b491a325..853470fd8 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -142,6 +142,9 @@ def verify_rule(firewall, rule_conf, ipv6):
 if not {'count', 'time'} <= set(rule_conf['recent']):
 raise ConfigError('Recent "count" and "time" values must be defined')
 
+ if dict_search_args(rule_conf, 'tcp', 'flags') and dict_search_args(rule_conf, 'protocol') != 'tcp':
+ raise ConfigError('Protocol must be tcp when specifying tcp flags')
+
 for side in ['destination', 'source']:
 if side in rule_conf:
 side_conf = rule_conf[side] |
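Review bot: The added guard in `verify_rule` compares the protocol with the exact string `'tcp'`, so it depends on the protocol value already being in one canonical form when it reaches this function. If the protocol node can also carry another spelling of TCP (a numeric protocol value or mixed case, for example), a valid TCP rule with flags would be rejected at commit; the hunk does not show whether that is possible, so it is worth confirming against the protocol validator. A short comment above the check would record the intent, e.g. `# TCP flag matching only applies to protocol tcp; reject the combination at commit time`. The new error text also does not say which rule failed, which matches the neighbouring `Recent "count" and "time"` message but makes a large ruleset harder to fix. The body of `verify_rule` starts and continues outside this hunk.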