authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2022-01-27 16:58:36 +0100
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2022-02-04 01:09:42 +0100
commit22f0794a9f195e69e277d48f031fe934febe9408 (patch)
tree061df5244e08ca4132686c7ae7423b33cd28f4a9 /src/conf_mode/firewall.py
parent26774b890443d74f916858e6efd9189aa45f8cb4 (diff)
downloadvyos-1x-22f0794a9f195e69e277d48f031fe934febe9408.tar.gz
vyos-1x-22f0794a9f195e69e277d48f031fe934febe9408.zip
firewall: T4209: Fix support for rule `recent` matches
Diffstat (limited to 'src/conf_mode/firewall.py')
-rwxr-xr-xsrc/conf_mode/firewall.py6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 9dec2143e..41df1b84a 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -278,6 +278,7 @@ def cleanup_rule(table, jump_chain):
def cleanup_commands(firewall):
commands = []
+ commands_end = []
for table in ['ip filter', 'ip6 filter']:
state_chain = 'VYOS_STATE_POLICY' if table == 'ip filter' else 'VYOS_STATE_POLICY6'
json_str = cmd(f'nft -j list table {table}')
@@ -308,7 +309,10 @@ def cleanup_commands(firewall):
chain = rule['chain']
handle = rule['handle']
commands.append(f'delete rule {table} {chain} handle {handle}')
- return commands
+ elif 'set' in item:
+ set_name = item['set']['name']
+ commands_end.append(f'delete set {table} {set_name}')
+ return commands + commands_end
def generate(firewall):
if not os.path.exists(nftables_conf):
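Review bot: The new `elif 'set' in item:` branch queues `delete set {table} {set_name}` for every set nft reports in the table, with no check that the set belongs to a `recent` match this script generated or that nothing still references it. The conditions that decide which chains and rules are deleted sit above the hunk, so this is inferred, but if a rule that survives cleanup still uses the set, nft should refuse the delete, and depending on how the command list is applied that could fail the whole cleanup and leave stale firewall state loaded. Consider filtering on the generated name, e.g. `if set_name.startswith(RECENT_SET_PREFIX):` (placeholder constant, shared with the template), or deleting only sets whose referencing rules are also being removed. The ordering also deserves a comment where `commands_end = []` is declared in the first hunk, such as `# set deletions run last: a set cannot be removed while a rule still references it`.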