summaryrefslogtreecommitdiff
path: root/src/conf_mode/wireguard.py
diff options
context:
space:
mode:
authorhagbard <vyosdev@derith.de>2018-11-30 10:26:36 -0800
committerhagbard <vyosdev@derith.de>2018-11-30 10:26:36 -0800
commita29898b2ea15b7d9cea7fade1b27d38967c52d52 (patch)
tree6671d0d67faae1d5be2ef04a7b9596900352b1f2 /src/conf_mode/wireguard.py
parent652c626644d03ccf7d03de8f51ae5a2a6e27fd66 (diff)
downloadvyos-1x-a29898b2ea15b7d9cea7fade1b27d38967c52d52.tar.gz
vyos-1x-a29898b2ea15b7d9cea7fade1b27d38967c52d52.zip
Fixes: T1061: Wireguard: Missing option to administrativly shutdown interface
Diffstat (limited to 'src/conf_mode/wireguard.py')
-rwxr-xr-xsrc/conf_mode/wireguard.py15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py
index 353528aba..f5452579e 100755
--- a/src/conf_mode/wireguard.py
+++ b/src/conf_mode/wireguard.py
@@ -89,6 +89,9 @@ def get_config():
### addresses
if c.exists(cnf + ' address'):
config_data['interfaces'][intfc]['addr'] = c.return_values(cnf + ' address')
+ ### interface up/down
+ if c.exists(cnf + ' disable'):
+ config_data['interfaces'][intfc]['state'] = 'disable'
### listen port
if c.exists(cnf + ' port'):
config_data['interfaces'][intfc]['lport'] = c.return_value(cnf + ' port')
@@ -121,6 +124,7 @@ def get_config():
if c.exists(cnf + ' peer ' + p + ' preshared-key'):
config_data['interfaces'][intfc]['peer'][p]['psk'] = c.return_value(cnf + ' peer ' + p + ' preshared-key')
+
return config_data
def verify(c):
@@ -159,12 +163,21 @@ def apply(c):
c_eff = Config()
c_eff.set_level('interfaces wireguard')
+ ### link status up/down aka interface disable
+
+ for intf in c['interfaces']:
+ if c['interfaces'][intf]['state'] == 'disable':
+ sl.syslog(sl.LOG_NOTICE, "disable interface " + intf)
+ subprocess.call(['ip l s dev ' + intf + ' down ' + ' &>/dev/null'], shell=True)
+ else:
+ sl.syslog(sl.LOG_NOTICE, "enable interface " + intf)
+ subprocess.call(['ip l s dev ' + intf + ' up ' + ' &>/dev/null'], shell=True)
+
### deletion of a specific interface
for intf in c['interfaces']:
if c['interfaces'][intf]['status'] == 'delete':
sl.syslog(sl.LOG_NOTICE, "removing interface " + intf)
subprocess.call(['ip l d dev ' + intf + ' &>/dev/null'], shell=True)
-
### peer deletion
peer_eff = c_eff.list_effective_nodes( intf + ' peer')