summaryrefslogtreecommitdiff
path: root/src/migration-scripts/firewall/6-to-7
diff options
context:
space:
mode:
authorNicolas Fort <nicolasfort1988@gmail.com>2022-05-12 12:24:24 +0000
committerNicolas Fort <nicolasfort1988@gmail.com>2022-05-12 12:24:24 +0000
commit44326619582f52f5439e301271f728e206e18f8b (patch)
treea5ce1dfa04768a00ccbab52cea98cb03d9b4adb4 /src/migration-scripts/firewall/6-to-7
parent1ca645d1a499441abb74c549e7e1fbd03087097d (diff)
downloadvyos-1x-44326619582f52f5439e301271f728e206e18f8b.tar.gz
vyos-1x-44326619582f52f5439e301271f728e206e18f8b.zip
Firewall: T3907: Revert migration script 6-to-7 and add new 7-to-8
Diffstat (limited to 'src/migration-scripts/firewall/6-to-7')
-rwxr-xr-xsrc/migration-scripts/firewall/6-to-727
1 files changed, 0 insertions, 27 deletions
diff --git a/src/migration-scripts/firewall/6-to-7 b/src/migration-scripts/firewall/6-to-7
index 1e698da0b..5f4cff90d 100755
--- a/src/migration-scripts/firewall/6-to-7
+++ b/src/migration-scripts/firewall/6-to-7
@@ -19,11 +19,6 @@
# utc: nftables userspace uses localtime and calculates the UTC offset automatically
# icmp/v6: migrate previously available `type-name` to valid type/code
# T4178: Update tcp flags to use multi value node
-# T3907: Add log levels
-# `enable-default-log` --> `enable-default-log warn`
-# `rule X log enable` --> `rule X log warn`
-# `rule X log disable` --> No log config
-
import re
@@ -105,9 +100,6 @@ icmpv6_translations = {
if config.exists(base + ['name']):
for name in config.list_nodes(base + ['name']):
- if config.exists(base + ['name', name, 'enable-default-log']):
- config.set(base + ['name', name, 'enable-default-log'], value='warn')
-
if not config.exists(base + ['name', name, 'rule']):
continue
@@ -116,7 +108,6 @@ if config.exists(base + ['name']):
rule_time = base + ['name', name, 'rule', rule, 'time']
rule_tcp_flags = base + ['name', name, 'rule', rule, 'tcp', 'flags']
rule_icmp = base + ['name', name, 'rule', rule, 'icmp']
- rule_log = base + ['name', name, 'rule', rule, 'log']
if config.exists(rule_time + ['monthdays']):
config.delete(rule_time + ['monthdays'])
@@ -155,13 +146,6 @@ if config.exists(base + ['name']):
config.set(rule_icmp + ['type'], value=translate[0])
config.set(rule_icmp + ['code'], value=translate[1])
- if config.exists(rule_log):
- tmp = config.return_value(rule_log)
- if tmp == 'disable':
- config.delete(rule_log)
- else:
- config.set(rule_log, value='warn')
-
for src_dst in ['destination', 'source']:
pg_base = base + ['name', name, 'rule', rule, src_dst, 'group', 'port-group']
proto_base = base + ['name', name, 'rule', rule, 'protocol']
@@ -169,9 +153,6 @@ if config.exists(base + ['name']):
config.set(proto_base, value='tcp_udp')
if config.exists(base + ['ipv6-name']):
- if config.exists(base + ['ipv6-name', name, 'enable-default-log']):
- config.set(base + ['ipv6-name', name, 'enable-default-log'], value='warn')
-
for name in config.list_nodes(base + ['ipv6-name']):
if not config.exists(base + ['ipv6-name', name, 'rule']):
continue
@@ -181,7 +162,6 @@ if config.exists(base + ['ipv6-name']):
rule_time = base + ['ipv6-name', name, 'rule', rule, 'time']
rule_tcp_flags = base + ['ipv6-name', name, 'rule', rule, 'tcp', 'flags']
rule_icmp = base + ['ipv6-name', name, 'rule', rule, 'icmpv6']
- rule_log = base + ['ipv6-name', name, 'rule', rule, 'log']
if config.exists(rule_time + ['monthdays']):
config.delete(rule_time + ['monthdays'])
@@ -232,13 +212,6 @@ if config.exists(base + ['ipv6-name']):
else:
config.rename(rule_icmp + ['type'], 'type-name')
- if config.exists(rule_log):
- tmp = config.return_value(rule_log)
- if tmp == 'disable':
- config.delete(rule_log)
- else:
- config.set(rule_log, value='warn')
-
for src_dst in ['destination', 'source']:
pg_base = base + ['ipv6-name', name, 'rule', rule, src_dst, 'group', 'port-group']
proto_base = base + ['ipv6-name', name, 'rule', rule, 'protocol']