authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2022-01-29 23:34:05 +0100
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2022-01-29 23:34:05 +0100
commit985a9e8536cb7f049e82dd1c7333ecced34563fa (patch)
treee47e9ab8d4750250c3e32ef0ff2d5e37889e6017 /src/conf_mode
parented67750b94e8bc779ec0e2cf6d568a3f7292de13 (diff)
firewall: T4216: Add support for negated firewall groups
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/firewall.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 5b6c57d04..064b2d5a3 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -204,6 +204,10 @@ def verify_rule(firewall, rule_conf, ipv6):
for group in valid_groups:
if group in side_conf['group']:
group_name = side_conf['group'][group]
+
+ if group_name and group_name[0] == '!':
+ group_name = group_name[1:]
+
fw_group = f'ipv6_{group}' if ipv6 and group in ['address_group', 'network_group'] else group
error_group = fw_group.replace("_", "-")
group_obj = dict_search_args(firewall, 'group', fw_group, group_name)
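Review bot: A group value of just `!` passes the new check in verify_rule and leaves `group_name` as an empty string, so `dict_search_args(firewall, 'group', fw_group, group_name)` is called with an empty key. Whatever error follows outside the hunk would presumably name no group at all. I would reject that case explicitly right after the strip, e.g. `if not group_name:` followed by the same configuration error the function raises for an unknown group, and write the test as `group_name.startswith('!')`. The stripped name is only a local used for validation here, so it is worth a comment such as `# '!' means "match anything NOT in this group"; strip it only for the existence check`. The code that renders the rule is not in this diff, so confirm that it reads the original prefixed value and emits a negated match, otherwise the rule's intent could be silently inverted. verify_rule starts and ends outside the hunk.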