policy: T2199: bugfix verify_rule() on negated groups

Related to #1215
author: Christian Poessinger <christian@poessinger.com> 2022-02-12 08:44:43 +0100
committer: Christian Poessinger <christian@poessinger.com> 2022-02-12 08:45:24 +0100
commit: 27daf4a6cd4928be41ed08330ccc1b7f04ad2638 (patch)
tree: a4f5db21f1b2f687849ff76f83e6f8be7a778831 /src/conf_mode
parent: 403faebaba8f1cfcdd0212057e63ca21301d38b7 (diff)
download: vyos-1x-27daf4a6cd4928be41ed08330ccc1b7f04ad2638.tar.gz
vyos-1x-27daf4a6cd4928be41ed08330ccc1b7f04ad2638.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/conf_mode/policy-route.py b/src/conf_mode/policy-route.py
index 82f668acf..3d1d7d8c5 100755
--- a/src/conf_mode/policy-route.py
+++ b/src/conf_mode/policy-route.py
@@ -123,6 +123,10 @@ def verify_rule(policy, name, rule_conf, ipv6):
                 for group in valid_groups:
                     if group in side_conf['group']:
                         group_name = side_conf['group'][group]
+
+                        if group_name.startswith('!'):
+                            group_name = group_name[1:]
+
                         fw_group = f'ipv6_{group}' if ipv6 and group in ['address_group', 'network_group'] else group
                         error_group = fw_group.replace("_", "-")
                         group_obj = dict_search_args(policy['firewall_group'], fw_group, group_name)
author	Christian Poessinger <christian@poessinger.com>	2022-02-12 08:44:43 +0100
committer	Christian Poessinger <christian@poessinger.com>	2022-02-12 08:45:24 +0100
commit	27daf4a6cd4928be41ed08330ccc1b7f04ad2638 (patch)
tree	a4f5db21f1b2f687849ff76f83e6f8be7a778831 /src/conf_mode
parent	403faebaba8f1cfcdd0212057e63ca21301d38b7 (diff)
download	vyos-1x-27daf4a6cd4928be41ed08330ccc1b7f04ad2638.tar.gz vyos-1x-27daf4a6cd4928be41ed08330ccc1b7f04ad2638.zip