summaryrefslogtreecommitdiff
path: root/src/helpers
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2022-06-05 10:59:47 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2022-06-05 10:59:47 +0200
commitd1bdf2b9d80d2e34b7370823d6f684102d7c9f4e (patch)
treea39307f088a78d4e0b9503a2a9a0d612c949c31c /src/helpers
parente990b2f4c045f5d1be02915ec7d8869d5475ed4e (diff)
downloadvyos-1x-d1bdf2b9d80d2e34b7370823d6f684102d7c9f4e.tar.gz
vyos-1x-d1bdf2b9d80d2e34b7370823d6f684102d7c9f4e.zip
firewall: T970: Maintain a domain state to fallback if resolution fails
Diffstat (limited to 'src/helpers')
-rwxr-xr-xsrc/helpers/vyos-domain-group-resolve.py24
1 files changed, 15 insertions, 9 deletions
diff --git a/src/helpers/vyos-domain-group-resolve.py b/src/helpers/vyos-domain-group-resolve.py
index ebb2057ec..e8501cfc6 100755
--- a/src/helpers/vyos-domain-group-resolve.py
+++ b/src/helpers/vyos-domain-group-resolve.py
@@ -28,10 +28,11 @@ from vyos.util import call
base = ['firewall', 'group', 'domain-group']
check_required = True
-count_failed = 0
+# count_failed = 0
# Timeout in sec between checks
timeout = 300
+domain_state = {}
if __name__ == '__main__':
@@ -41,14 +42,19 @@ if __name__ == '__main__':
domain_groups = config.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
for set_name, domain_config in domain_groups.items():
list_domains = domain_config['address']
- elements = get_ips_domains_dict(list_domains)
+ elements = []
+ ip_dict = get_ips_domains_dict(list_domains)
+
+ for domain in list_domains:
+ # Resolution succeeded, update domain state
+ if domain in ip_dict:
+ domain_state[domain] = ip_dict[domain]
+ elements += ip_dict[domain]
+ # Resolution failed, use previous domain state
+ elif domain in domain_state:
+ elements += domain_state[domain]
+
# Resolve successful
- if bool(elements):
+ if elements:
nft_update_set_elements(set_name, elements)
- count_failed = 0
- else:
- count_failed += 1
- # Domains not resolved 3 times by timeout
- if count_failed >= timeout * 3:
- nft_flush_set(set_name)
time.sleep(timeout)