diff options
| author | goodNETnick <33053932+goodNETnick@users.noreply.github.com> | 2022-03-31 13:48:47 +1000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-31 13:48:47 +1000 |
| commit | aa5b35b68c1170bfd0b9661bafa72bb10fe6ca95 (patch) | |
| tree | 46f3ffc41c29666c3251f25f2f93cb1f1b9a6c60 /src/conf_mode/policy-route.py | |
| parent | b776003cf55e1035ac83186e44f72764e52e9e0d (diff) | |
| parent | bafb1973d906707cb571385e994a949d0d90b645 (diff) | |
| download | vyos-1x-aa5b35b68c1170bfd0b9661bafa72bb10fe6ca95.tar.gz vyos-1x-aa5b35b68c1170bfd0b9661bafa72bb10fe6ca95.zip | |
Merge branch 'vyos:current' into ocserv_local_otp
Diffstat (limited to 'src/conf_mode/policy-route.py')
| -rwxr-xr-x | src/conf_mode/policy-route.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/conf_mode/policy-route.py b/src/conf_mode/policy-route.py index 7dcab4b58..3d1d7d8c5 100755 --- a/src/conf_mode/policy-route.py +++ b/src/conf_mode/policy-route.py @@ -123,6 +123,10 @@ def verify_rule(policy, name, rule_conf, ipv6): for group in valid_groups: if group in side_conf['group']: group_name = side_conf['group'][group] + + if group_name.startswith('!'): + group_name = group_name[1:] + fw_group = f'ipv6_{group}' if ipv6 and group in ['address_group', 'network_group'] else group error_group = fw_group.replace("_", "-") group_obj = dict_search_args(policy['firewall_group'], fw_group, group_name) @@ -206,6 +210,7 @@ def apply_table_marks(policy): for route in ['route', 'route6']: if route in policy: cmd_str = 'ip' if route == 'route' else 'ip -6' + tables = [] for name, pol_conf in policy[route].items(): if 'rule' in pol_conf: for rule_id, rule_conf in pol_conf['rule'].items(): @@ -213,6 +218,9 @@ def apply_table_marks(policy): if set_table: if set_table == 'main': set_table = '254' + if set_table in tables: + continue + tables.append(set_table) table_mark = mark_offset - int(set_table) cmd(f'{cmd_str} rule add pref {set_table} fwmark {table_mark} table {set_table}') |