Merge branch 'current' into current

author: Daniil Baturin <daniil@vyos.io> 2023-04-21 13:38:13 +0100
committer: GitHub <noreply@github.com> 2023-04-21 13:38:13 +0100
commit: 821bc4f511460123e958b8eaa2e588e4623fbfe6 (patch)
tree: ca5283d32a34969fa95b9ee1f1421bf7f28db5bd /src/conf_mode/firewall.py
parent: dcba3685345b0624c13f83211628136076feac79 (diff)
parent: 97ef83ada9c42913bae3c80e0f2432bdf901312a (diff)
download: vyos-1x-821bc4f511460123e958b8eaa2e588e4623fbfe6.tar.gz
vyos-1x-821bc4f511460123e958b8eaa2e588e4623fbfe6.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index c41a442df..190587980 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -282,6 +282,9 @@ def verify_rule(firewall, rule_conf, ipv6):
                 if rule_conf['protocol'] not in ['tcp', 'udp', 'tcp_udp']:
                     raise ConfigError('Protocol must be tcp, udp, or tcp_udp when specifying a port or port-group')
 
+            if 'port' in side_conf and dict_search_args(side_conf, 'group', 'port_group'):
+                raise ConfigError(f'{side} port-group and port cannot both be defined')
+
     if 'log_options' in rule_conf:
         if 'log' not in rule_conf or 'enable' not in rule_conf['log']:
             raise ConfigError('log-options defined, but log is not enable')
author	Daniil Baturin <daniil@vyos.io>	2023-04-21 13:38:13 +0100
committer	GitHub <noreply@github.com>	2023-04-21 13:38:13 +0100
commit	821bc4f511460123e958b8eaa2e588e4623fbfe6 (patch)
tree	ca5283d32a34969fa95b9ee1f1421bf7f28db5bd /src/conf_mode/firewall.py
parent	dcba3685345b0624c13f83211628136076feac79 (diff)
parent	97ef83ada9c42913bae3c80e0f2432bdf901312a (diff)
download	vyos-1x-821bc4f511460123e958b8eaa2e588e4623fbfe6.tar.gz vyos-1x-821bc4f511460123e958b8eaa2e588e4623fbfe6.zip