diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-02-12 08:44:43 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2022-02-12 08:45:24 +0100 |
commit | 27daf4a6cd4928be41ed08330ccc1b7f04ad2638 (patch) | |
tree | a4f5db21f1b2f687849ff76f83e6f8be7a778831 /src/conf_mode/policy-route.py | |
parent | 403faebaba8f1cfcdd0212057e63ca21301d38b7 (diff) | |
download | vyos-1x-27daf4a6cd4928be41ed08330ccc1b7f04ad2638.tar.gz vyos-1x-27daf4a6cd4928be41ed08330ccc1b7f04ad2638.zip |
policy: T2199: bugfix verify_rule() on negated groups
Related to #1215
Diffstat (limited to 'src/conf_mode/policy-route.py')
-rwxr-xr-x | src/conf_mode/policy-route.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/conf_mode/policy-route.py b/src/conf_mode/policy-route.py index 82f668acf..3d1d7d8c5 100755 --- a/src/conf_mode/policy-route.py +++ b/src/conf_mode/policy-route.py @@ -123,6 +123,10 @@ def verify_rule(policy, name, rule_conf, ipv6): for group in valid_groups: if group in side_conf['group']: group_name = side_conf['group'][group] + + if group_name.startswith('!'): + group_name = group_name[1:] + fw_group = f'ipv6_{group}' if ipv6 and group in ['address_group', 'network_group'] else group error_group = fw_group.replace("_", "-") group_obj = dict_search_args(policy['firewall_group'], fw_group, group_name) |