T3900: add support for raw table in firewall.

author: Nicolas Fort <nicolasfort1988@gmail.com> 2024-05-15 17:09:16 +0000
committer: Nicolas Fort <nicolasfort1988@gmail.com> 2024-05-15 17:09:16 +0000
commit: 6871c5541c1962e63d7a9b75d2bb43df2a8d372b (patch)
tree: 2c498459e53124cc4a909ab445cf6638c29de5d7 /src/conf_mode/system_conntrack.py
parent: 2105a8b29a0d616a8640ecc86683f8c9da8b52ea (diff)
download: vyos-1x-6871c5541c1962e63d7a9b75d2bb43df2a8d372b.tar.gz
vyos-1x-6871c5541c1962e63d7a9b75d2bb43df2a8d372b.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/conf_mode/system_conntrack.py b/src/conf_mode/system_conntrack.py
index 031fe63b0..d9c38fd95 100755
--- a/src/conf_mode/system_conntrack.py
+++ b/src/conf_mode/system_conntrack.py
@@ -18,6 +18,7 @@ import os
 
 from sys import exit
 
+from vyos.base import Warning
 from vyos.config import Config
 from vyos.configdep import set_dependents, call_dependents
 from vyos.utils.dict import dict_search
@@ -165,6 +166,8 @@ def verify(conntrack):
                                     if not group_obj:
                                         Warning(f'{error_group} "{group_name}" has no members!')
 
+            Warning(f'It is prefered to defined {inet} conntrack ignore rules in the <firewall {inet} prerouting raw> section')
+
         if dict_search_args(conntrack, 'timeout', 'custom', inet, 'rule') != None:
             for rule, rule_config in conntrack['timeout']['custom'][inet]['rule'].items():
                 if 'protocol' not in rule_config:
author	Nicolas Fort <nicolasfort1988@gmail.com>	2024-05-15 17:09:16 +0000
committer	Nicolas Fort <nicolasfort1988@gmail.com>	2024-05-15 17:09:16 +0000
commit	6871c5541c1962e63d7a9b75d2bb43df2a8d372b (patch)
tree	2c498459e53124cc4a909ab445cf6638c29de5d7 /src/conf_mode/system_conntrack.py
parent	2105a8b29a0d616a8640ecc86683f8c9da8b52ea (diff)
download	vyos-1x-6871c5541c1962e63d7a9b75d2bb43df2a8d372b.tar.gz vyos-1x-6871c5541c1962e63d7a9b75d2bb43df2a8d372b.zip