summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-02-01 21:41:07 +0100
committerGitHub <noreply@github.com>2024-02-01 21:41:07 +0100
commitb24e2cbef7fc5c4b2a1a4533ff75e01dea0c2b42 (patch)
treeab74c9d546390b4c5585fe740d0898374df6d1b6 /src/conf_mode
parentcd4b03898e99b7317d2cbdf614bc14caf2e9bbce (diff)
parent3ce9583b9420ed72cf45728f439f00b1c4cf5800 (diff)
downloadvyos-1x-b24e2cbef7fc5c4b2a1a4533ff75e01dea0c2b42.tar.gz
vyos-1x-b24e2cbef7fc5c4b2a1a4533ff75e01dea0c2b42.zip
Merge pull request #2924 from vyos/mergify/bp/sagitta/pr-2756
T4839: firewall: Add dynamic address group in firewall configuration (backport #2756)
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/nat.py4
-rwxr-xr-xsrc/conf_mode/policy_route.py4
2 files changed, 8 insertions, 0 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index bd9b5162c..26822b755 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -69,6 +69,10 @@ def get_config(config=None):
nat['firewall_group'] = conf.get_config_dict(['firewall', 'group'], key_mangling=('-', '_'), get_first_key=True,
no_tag_node_value_mangle=True)
+ # Remove dynamic firewall groups if present:
+ if 'dynamic_group' in nat['firewall_group']:
+ del nat['firewall_group']['dynamic_group']
+
return nat
def verify_rule(config, err_msg, groups_dict):
diff --git a/src/conf_mode/policy_route.py b/src/conf_mode/policy_route.py
index adad012de..6d7a06714 100755
--- a/src/conf_mode/policy_route.py
+++ b/src/conf_mode/policy_route.py
@@ -53,6 +53,10 @@ def get_config(config=None):
policy['firewall_group'] = conf.get_config_dict(['firewall', 'group'], key_mangling=('-', '_'), get_first_key=True,
no_tag_node_value_mangle=True)
+ # Remove dynamic firewall groups if present:
+ if 'dynamic_group' in policy['firewall_group']:
+ del policy['firewall_group']['dynamic_group']
+
return policy
def verify_rule(policy, name, rule_conf, ipv6, rule_id):