T4839: firewall: Add dynamic address group in firewall configuration, and appropiate commands to populate such groups using source and destination address of the packet.

(cherry picked from commit 6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122)

2 files changed, 8 insertions, 0 deletions

diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index bd9b5162c..26822b755 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -69,6 +69,10 @@ def get_config(config=None):
     nat['firewall_group'] = conf.get_config_dict(['firewall', 'group'], key_mangling=('-', '_'), get_first_key=True,
                                     no_tag_node_value_mangle=True)
 
+    # Remove dynamic firewall groups if present:
+    if 'dynamic_group' in nat['firewall_group']:
+        del nat['firewall_group']['dynamic_group']
+
     return nat
 
 def verify_rule(config, err_msg, groups_dict):
diff --git a/src/conf_mode/policy_route.py b/src/conf_mode/policy_route.py
index adad012de..6d7a06714 100755
--- a/src/conf_mode/policy_route.py
+++ b/src/conf_mode/policy_route.py
@@ -53,6 +53,10 @@ def get_config(config=None):
     policy['firewall_group'] = conf.get_config_dict(['firewall', 'group'], key_mangling=('-', '_'), get_first_key=True,
                                     no_tag_node_value_mangle=True)
 
+    # Remove dynamic firewall groups if present:
+    if 'dynamic_group' in policy['firewall_group']:
+        del policy['firewall_group']['dynamic_group']
+
     return policy
 
 def verify_rule(policy, name, rule_conf, ipv6, rule_id):