Merge pull request #2172 from nicolas-fort/T5502

T5502: firewall: add validator for interface matcher
author: Christian Breunig <christian@breunig.cc> 2023-08-25 20:03:40 +0200
committer: GitHub <noreply@github.com> 2023-08-25 20:03:40 +0200
commit: 3144b67f1b04e88f5ba928db2eee6f198be04a3a (patch)
tree: e77e5229d2b8e21dc7ec7240ebc8a96c239d4035 /src/conf_mode/firewall.py
parent: 9e0ea586159b5720faeef5a0548edef993b816d8 (diff)
parent: 1a2237ba91d5d7c21a2be90c47f1f6b75a383627 (diff)
download: vyos-1x-3144b67f1b04e88f5ba928db2eee6f198be04a3a.tar.gz
vyos-1x-3144b67f1b04e88f5ba928db2eee6f198be04a3a.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 8ad3f27fc..d32ae497a 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -259,6 +259,11 @@ def verify_rule(firewall, rule_conf, ipv6):
         if 'queue_threshold' in rule_conf['log_options'] and 'group' not in rule_conf['log_options']:
             raise ConfigError('log-options queue-threshold defined, but log group is not define')
 
+    for direction in ['inbound_interface','outbound_interface']:
+        if direction in rule_conf:
+            if 'interface_name' in rule_conf[direction] and 'interface_group' in rule_conf[direction]:
+                raise ConfigError(f'Cannot specify both interface-group and interface-name for {direction}')
+
 def verify_nested_group(group_name, group, groups, seen):
     if 'include' not in group:
         return
author	Christian Breunig <christian@breunig.cc>	2023-08-25 20:03:40 +0200
committer	GitHub <noreply@github.com>	2023-08-25 20:03:40 +0200
commit	3144b67f1b04e88f5ba928db2eee6f198be04a3a (patch)
tree	e77e5229d2b8e21dc7ec7240ebc8a96c239d4035 /src/conf_mode/firewall.py
parent	9e0ea586159b5720faeef5a0548edef993b816d8 (diff)
parent	1a2237ba91d5d7c21a2be90c47f1f6b75a383627 (diff)
download	vyos-1x-3144b67f1b04e88f5ba928db2eee6f198be04a3a.tar.gz vyos-1x-3144b67f1b04e88f5ba928db2eee6f198be04a3a.zip