diff options
| author | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-05-12 12:24:24 +0000 |
|---|---|---|
| committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-05-12 12:24:24 +0000 |
| commit | 44326619582f52f5439e301271f728e206e18f8b (patch) | |
| tree | a5ce1dfa04768a00ccbab52cea98cb03d9b4adb4 /src/migration-scripts/firewall | |
| parent | 1ca645d1a499441abb74c549e7e1fbd03087097d (diff) | |
| download | vyos-1x-44326619582f52f5439e301271f728e206e18f8b.tar.gz vyos-1x-44326619582f52f5439e301271f728e206e18f8b.zip | |
Firewall: T3907: Revert migration script 6-to-7 and add new 7-to-8
Diffstat (limited to 'src/migration-scripts/firewall')
| -rwxr-xr-x | src/migration-scripts/firewall/6-to-7 | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/src/migration-scripts/firewall/6-to-7 b/src/migration-scripts/firewall/6-to-7 index 1e698da0b..5f4cff90d 100755 --- a/src/migration-scripts/firewall/6-to-7 +++ b/src/migration-scripts/firewall/6-to-7 @@ -19,11 +19,6 @@ # utc: nftables userspace uses localtime and calculates the UTC offset automatically # icmp/v6: migrate previously available `type-name` to valid type/code # T4178: Update tcp flags to use multi value node -# T3907: Add log levels -# `enable-default-log` --> `enable-default-log warn` -# `rule X log enable` --> `rule X log warn` -# `rule X log disable` --> No log config - import re @@ -105,9 +100,6 @@ icmpv6_translations = { if config.exists(base + ['name']): for name in config.list_nodes(base + ['name']): - if config.exists(base + ['name', name, 'enable-default-log']): - config.set(base + ['name', name, 'enable-default-log'], value='warn') - if not config.exists(base + ['name', name, 'rule']): continue @@ -116,7 +108,6 @@ if config.exists(base + ['name']): rule_time = base + ['name', name, 'rule', rule, 'time'] rule_tcp_flags = base + ['name', name, 'rule', rule, 'tcp', 'flags'] rule_icmp = base + ['name', name, 'rule', rule, 'icmp'] - rule_log = base + ['name', name, 'rule', rule, 'log'] if config.exists(rule_time + ['monthdays']): config.delete(rule_time + ['monthdays']) @@ -155,13 +146,6 @@ if config.exists(base + ['name']): config.set(rule_icmp + ['type'], value=translate[0]) config.set(rule_icmp + ['code'], value=translate[1]) - if config.exists(rule_log): - tmp = config.return_value(rule_log) - if tmp == 'disable': - config.delete(rule_log) - else: - config.set(rule_log, value='warn') - for src_dst in ['destination', 'source']: pg_base = base + ['name', name, 'rule', rule, src_dst, 'group', 'port-group'] proto_base = base + ['name', name, 'rule', rule, 'protocol'] @@ -169,9 +153,6 @@ if config.exists(base + ['name']): config.set(proto_base, value='tcp_udp') if config.exists(base + ['ipv6-name']): - if config.exists(base + ['ipv6-name', name, 'enable-default-log']): - config.set(base + ['ipv6-name', name, 'enable-default-log'], value='warn') - for name in config.list_nodes(base + ['ipv6-name']): if not config.exists(base + ['ipv6-name', name, 'rule']): continue @@ -181,7 +162,6 @@ if config.exists(base + ['ipv6-name']): rule_time = base + ['ipv6-name', name, 'rule', rule, 'time'] rule_tcp_flags = base + ['ipv6-name', name, 'rule', rule, 'tcp', 'flags'] rule_icmp = base + ['ipv6-name', name, 'rule', rule, 'icmpv6'] - rule_log = base + ['ipv6-name', name, 'rule', rule, 'log'] if config.exists(rule_time + ['monthdays']): config.delete(rule_time + ['monthdays']) @@ -232,13 +212,6 @@ if config.exists(base + ['ipv6-name']): else: config.rename(rule_icmp + ['type'], 'type-name') - if config.exists(rule_log): - tmp = config.return_value(rule_log) - if tmp == 'disable': - config.delete(rule_log) - else: - config.set(rule_log, value='warn') - for src_dst in ['destination', 'source']: pg_base = base + ['ipv6-name', name, 'rule', rule, src_dst, 'group', 'port-group'] proto_base = base + ['ipv6-name', name, 'rule', rule, 'protocol'] |