diff options
author | Christian Breunig <christian@breunig.cc> | 2023-04-10 21:34:54 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-10 21:34:54 +0200 |
commit | c8562d33e7d92b43eb7fc70407f56fc4b7f51b56 (patch) | |
tree | 830fc70059a58c15ca9f69d185a03a6e57221808 /src/conf_mode/firewall.py | |
parent | 40f60ae63e0dfe7f7220f249d9b5665443c66f41 (diff) | |
parent | 8ef944b854de54bce95b91257d7a3cd22ed48064 (diff) | |
download | vyos-1x-c8562d33e7d92b43eb7fc70407f56fc4b7f51b56.tar.gz vyos-1x-c8562d33e7d92b43eb7fc70407f56fc4b7f51b56.zip |
Merge pull request #1949 from sever-sever/T5065
T5065: Add verify for firewall port-group and port
Diffstat (limited to 'src/conf_mode/firewall.py')
-rwxr-xr-x | src/conf_mode/firewall.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py index c41a442df..190587980 100755 --- a/src/conf_mode/firewall.py +++ b/src/conf_mode/firewall.py @@ -282,6 +282,9 @@ def verify_rule(firewall, rule_conf, ipv6): if rule_conf['protocol'] not in ['tcp', 'udp', 'tcp_udp']: raise ConfigError('Protocol must be tcp, udp, or tcp_udp when specifying a port or port-group') + if 'port' in side_conf and dict_search_args(side_conf, 'group', 'port_group'): + raise ConfigError(f'{side} port-group and port cannot both be defined') + if 'log_options' in rule_conf: if 'log' not in rule_conf or 'enable' not in rule_conf['log']: raise ConfigError('log-options defined, but log is not enable') |