authorChristian Poessinger <christian@poessinger.com>2022-02-12 08:44:43 +0100
committerChristian Poessinger <christian@poessinger.com>2022-02-12 08:45:24 +0100
commit27daf4a6cd4928be41ed08330ccc1b7f04ad2638 (patch)
treea4f5db21f1b2f687849ff76f83e6f8be7a778831 /src/conf_mode/policy-route.py
parent403faebaba8f1cfcdd0212057e63ca21301d38b7 (diff)
policy: T2199: bugfix verify_rule() on negated groups
Related to #1215
Diffstat (limited to 'src/conf_mode/policy-route.py')
-rwxr-xr-xsrc/conf_mode/policy-route.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/conf_mode/policy-route.py b/src/conf_mode/policy-route.py
index 82f668acf..3d1d7d8c5 100755
--- a/src/conf_mode/policy-route.py
+++ b/src/conf_mode/policy-route.py
@@ -123,6 +123,10 @@ def verify_rule(policy, name, rule_conf, ipv6):
for group in valid_groups:
if group in side_conf['group']:
group_name = side_conf['group'][group]
+
+ if group_name.startswith('!'):
+ group_name = group_name[1:]
+
fw_group = f'ipv6_{group}' if ipv6 and group in ['address_group', 'network_group'] else group
error_group = fw_group.replace("_", "-")
group_obj = dict_search_args(policy['firewall_group'], fw_group, group_name)
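Review bot: The added `startswith('!')` branch does not handle a value that is only `!`, so `group_name` becomes an empty string and is passed to `dict_search_args` as the lookup key. The rest of `verify_rule` lies outside this hunk, so any resulting error would presumably complain about an unnamed group rather than a malformed negation. I would reject the empty remainder right after the strip with `if not group_name:`, raising the same error the function uses for an invalid group. A comment above the branch would also help, for example `# a leading '!' negates the match; validate the group it refers to`. Since this check is what stops a policy rule from referencing a firewall group that does not exist, the negated form should fail just as clearly as the plain one.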