diff options
author | hagbard <vyosdev@derith.de> | 2018-11-30 10:26:36 -0800 |
---|---|---|
committer | hagbard <vyosdev@derith.de> | 2018-11-30 10:26:36 -0800 |
commit | a29898b2ea15b7d9cea7fade1b27d38967c52d52 (patch) | |
tree | 6671d0d67faae1d5be2ef04a7b9596900352b1f2 /src/conf_mode/wireguard.py | |
parent | 652c626644d03ccf7d03de8f51ae5a2a6e27fd66 (diff) | |
download | vyos-1x-a29898b2ea15b7d9cea7fade1b27d38967c52d52.tar.gz vyos-1x-a29898b2ea15b7d9cea7fade1b27d38967c52d52.zip |
Fixes: T1061: Wireguard: Missing option to administrativly shutdown interface
Diffstat (limited to 'src/conf_mode/wireguard.py')
-rwxr-xr-x | src/conf_mode/wireguard.py | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py index 353528aba..f5452579e 100755 --- a/src/conf_mode/wireguard.py +++ b/src/conf_mode/wireguard.py @@ -89,6 +89,9 @@ def get_config(): ### addresses if c.exists(cnf + ' address'): config_data['interfaces'][intfc]['addr'] = c.return_values(cnf + ' address') + ### interface up/down + if c.exists(cnf + ' disable'): + config_data['interfaces'][intfc]['state'] = 'disable' ### listen port if c.exists(cnf + ' port'): config_data['interfaces'][intfc]['lport'] = c.return_value(cnf + ' port') @@ -121,6 +124,7 @@ def get_config(): if c.exists(cnf + ' peer ' + p + ' preshared-key'): config_data['interfaces'][intfc]['peer'][p]['psk'] = c.return_value(cnf + ' peer ' + p + ' preshared-key') + return config_data def verify(c): @@ -159,12 +163,21 @@ def apply(c): c_eff = Config() c_eff.set_level('interfaces wireguard') + ### link status up/down aka interface disable + + for intf in c['interfaces']: + if c['interfaces'][intf]['state'] == 'disable': + sl.syslog(sl.LOG_NOTICE, "disable interface " + intf) + subprocess.call(['ip l s dev ' + intf + ' down ' + ' &>/dev/null'], shell=True) + else: + sl.syslog(sl.LOG_NOTICE, "enable interface " + intf) + subprocess.call(['ip l s dev ' + intf + ' up ' + ' &>/dev/null'], shell=True) + ### deletion of a specific interface for intf in c['interfaces']: if c['interfaces'][intf]['status'] == 'delete': sl.syslog(sl.LOG_NOTICE, "removing interface " + intf) subprocess.call(['ip l d dev ' + intf + ' &>/dev/null'], shell=True) - ### peer deletion peer_eff = c_eff.list_effective_nodes( intf + ' peer') |