summaryrefslogtreecommitdiff
path: root/src/conf_mode/protocols_nhrp.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-09-14 07:55:54 +0200
committerGitHub <noreply@github.com>2022-09-14 07:55:54 +0200
commite5c9f290b70c700fbec5acdb3a90bf0c67edd091 (patch)
tree531a8c025b5115b443e780c659a1e4973659a4ec /src/conf_mode/protocols_nhrp.py
parent24fc5a832dbdc3cb592674afd89bc72a22496713 (diff)
parent30945f39d6d1f0fdba34ce1c2d887a1a6823ecbe (diff)
downloadvyos-1x-e5c9f290b70c700fbec5acdb3a90bf0c67edd091.tar.gz
vyos-1x-e5c9f290b70c700fbec5acdb3a90bf0c67edd091.zip
Merge pull request #1534 from sarthurdev/firewall_interfaces
firewall: zone-policy: T2199: T4605: Refactor firewall, migrate zone-policy
Diffstat (limited to 'src/conf_mode/protocols_nhrp.py')
-rwxr-xr-xsrc/conf_mode/protocols_nhrp.py8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/conf_mode/protocols_nhrp.py b/src/conf_mode/protocols_nhrp.py
index b247ce2ab..991fcc7eb 100755
--- a/src/conf_mode/protocols_nhrp.py
+++ b/src/conf_mode/protocols_nhrp.py
@@ -94,15 +94,15 @@ def apply(nhrp):
comment = f'VYOS_NHRP_{tunnel}'
source_address = nhrp['if_tunnel'][tunnel]['source_address']
- rule_handle = find_nftables_rule('ip filter', 'VYOS_FW_OUTPUT', ['ip protocol gre', f'ip saddr {source_address}', 'ip daddr 224.0.0.0/4'])
+ rule_handle = find_nftables_rule('ip vyos_filter', 'VYOS_FW_OUTPUT', ['ip protocol gre', f'ip saddr {source_address}', 'ip daddr 224.0.0.0/4'])
if not rule_handle:
- run(f'sudo nft insert rule ip filter VYOS_FW_OUTPUT ip protocol gre ip saddr {source_address} ip daddr 224.0.0.0/4 counter drop comment "{comment}"')
+ run(f'sudo nft insert rule ip vyos_filter VYOS_FW_OUTPUT ip protocol gre ip saddr {source_address} ip daddr 224.0.0.0/4 counter drop comment "{comment}"')
for tunnel in nhrp['del_tunnels']:
comment = f'VYOS_NHRP_{tunnel}'
- rule_handle = find_nftables_rule('ip filter', 'VYOS_FW_OUTPUT', [f'comment "{comment}"'])
+ rule_handle = find_nftables_rule('ip vyos_filter', 'VYOS_FW_OUTPUT', [f'comment "{comment}"'])
if rule_handle:
- remove_nftables_rule('ip filter', 'VYOS_FW_OUTPUT', rule_handle)
+ remove_nftables_rule('ip vyos_filter', 'VYOS_FW_OUTPUT', rule_handle)
action = 'restart' if nhrp and 'tunnel' in nhrp else 'stop'
run(f'systemctl {action} opennhrp.service')