firewall: T4178: Use lowercase for TCP flags and add an validator

author: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2022-01-13 12:58:37 +0100
committer: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2022-01-14 14:04:39 +0100
commit: df5a862beb84145dfc8434efde7d7fee783199cf (patch)
tree: 5a6f09bc9c035a5c4dacc5714536af3340a0059d /src/conf_mode/firewall.py
parent: a132ba993e786994a3b129c72fb0024931339619 (diff)
download: vyos-1x-df5a862beb84145dfc8434efde7d7fee783199cf.tar.gz
vyos-1x-df5a862beb84145dfc8434efde7d7fee783199cf.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 7b491a325..853470fd8 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -142,6 +142,9 @@ def verify_rule(firewall, rule_conf, ipv6):
         if not {'count', 'time'} <= set(rule_conf['recent']):
             raise ConfigError('Recent "count" and "time" values must be defined')
 
+    if dict_search_args(rule_conf, 'tcp', 'flags') and dict_search_args(rule_conf, 'protocol') != 'tcp':
+        raise ConfigError('Protocol must be tcp when specifying tcp flags')
+
     for side in ['destination', 'source']:
         if side in rule_conf:
             side_conf = rule_conf[side]
author	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2022-01-13 12:58:37 +0100
committer	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2022-01-14 14:04:39 +0100
commit	df5a862beb84145dfc8434efde7d7fee783199cf (patch)
tree	5a6f09bc9c035a5c4dacc5714536af3340a0059d /src/conf_mode/firewall.py
parent	a132ba993e786994a3b129c72fb0024931339619 (diff)
download	vyos-1x-df5a862beb84145dfc8434efde7d7fee783199cf.tar.gz vyos-1x-df5a862beb84145dfc8434efde7d7fee783199cf.zip