authorChristian Breunig <christian@breunig.cc>2023-04-10 21:34:54 +0200
committerGitHub <noreply@github.com>2023-04-10 21:34:54 +0200
commitc8562d33e7d92b43eb7fc70407f56fc4b7f51b56 (patch)
tree830fc70059a58c15ca9f69d185a03a6e57221808 /src/conf_mode/firewall.py
parent40f60ae63e0dfe7f7220f249d9b5665443c66f41 (diff)
parent8ef944b854de54bce95b91257d7a3cd22ed48064 (diff)
Merge pull request #1949 from sever-sever/T5065
T5065: Add verify for firewall port-group and port
Diffstat (limited to 'src/conf_mode/firewall.py')
-rwxr-xr-xsrc/conf_mode/firewall.py3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index c41a442df..190587980 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -282,6 +282,9 @@ def verify_rule(firewall, rule_conf, ipv6):
if rule_conf['protocol'] not in ['tcp', 'udp', 'tcp_udp']:
raise ConfigError('Protocol must be tcp, udp, or tcp_udp when specifying a port or port-group')
+ if 'port' in side_conf and dict_search_args(side_conf, 'group', 'port_group'):
+ raise ConfigError(f'{side} port-group and port cannot both be defined')
+
if 'log_options' in rule_conf:
if 'log' not in rule_conf or 'enable' not in rule_conf['log']:
raise ConfigError('log-options defined, but log is not enable')
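Review bot: The added guard on the `if 'port' in side_conf and dict_search_args(side_conf, 'group', 'port_group'):` line rejects a rule side that sets both a literal port and a port-group, but nothing in the hunk records why the two are exclusive. A one-line comment above it would keep a later refactor from relaxing the check, for example `# a literal port and a port-group on the same side are mutually exclusive; reject the rule rather than silently prefer one`. The guard also sits after the two protocol checks, so a rule that has both keys and no valid protocol reports the protocol error first; that ordering looks harmless but is worth confirming as intended. `side` and `side_conf` are bound outside the hunk, verify_rule starts before it and continues after it, and this rendering has lost the context lines' indentation, so the nesting of the new check cannot be confirmed from here.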