firewall: T970: Maintain a domain state to fallback if resolution fails

author: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2022-06-05 10:59:47 +0200
committer: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2022-06-05 10:59:47 +0200
commit: d1bdf2b9d80d2e34b7370823d6f684102d7c9f4e (patch)
tree: a39307f088a78d4e0b9503a2a9a0d612c949c31c /src/conf_mode/firewall.py
parent: e990b2f4c045f5d1be02915ec7d8869d5475ed4e (diff)
download: vyos-1x-d1bdf2b9d80d2e34b7370823d6f684102d7c9f4e.tar.gz
vyos-1x-d1bdf2b9d80d2e34b7370823d6f684102d7c9f4e.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 3c6aff386..335098bf1 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -427,7 +427,8 @@ def apply(firewall):
                     domains.append(address)
                 # Add elements to domain-group, try to resolve domain => ip
                 # and add elements to nft set
-                elements = get_ips_domains_dict(domains)
+                ip_dict = get_ips_domains_dict(domains)
+                elements = sum(ip_dict.values(), [])
                 nft_init_set(group)
                 nft_add_set_elements(group, elements)
         else:
author	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2022-06-05 10:59:47 +0200
committer	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2022-06-05 10:59:47 +0200
commit	d1bdf2b9d80d2e34b7370823d6f684102d7c9f4e (patch)
tree	a39307f088a78d4e0b9503a2a9a0d612c949c31c /src/conf_mode/firewall.py
parent	e990b2f4c045f5d1be02915ec7d8869d5475ed4e (diff)
download	vyos-1x-d1bdf2b9d80d2e34b7370823d6f684102d7c9f4e.tar.gz vyos-1x-d1bdf2b9d80d2e34b7370823d6f684102d7c9f4e.zip