T6841: firewall: migrate existing VRF in zone based firewall

VRF support was introduced in VyOS 1.4.0. If a VRF is added as an interface in the zone based firewall, it will be migrated to the new syntax. OLD: set firewall zone FOO interface RED set firewall zone FOO interface eth0 NEW: set firewall zone FOO member vrf RED set firewall zone FOO member interface eth0
author: Christian Breunig <christian@breunig.cc> 2025-01-06 11:56:53 +0100
committer: Christian Breunig <christian@breunig.cc> 2025-01-06 12:05:22 +0100
commit: dda428fc42c44decb3e661a7b6ba4e55b178dc4f (patch)
tree: a2f3f705ceeed8bcbdff985e7b1b26f63572852f /src/migration-scripts
parent: 3b04cc29f0baf618351d67b4d6aa47f55b54bb20 (diff)
download: vyos-1x-dda428fc42c44decb3e661a7b6ba4e55b178dc4f.tar.gz
vyos-1x-dda428fc42c44decb3e661a7b6ba4e55b178dc4f.zip
1 files changed, 14 insertions, 10 deletions
diff --git a/src/migration-scripts/firewall/17-to-18 b/src/migration-scripts/firewall/17-to-18
index 891f9f195..34ce6aa07 100755
--- a/src/migration-scripts/firewall/17-to-18
+++ b/src/migration-scripts/firewall/17-to-18
@@ -1,4 +1,4 @@
-# Copyright (C) 2024 VyOS maintainers and contributors
+# Copyright (C) 2024-2025 VyOS maintainers and contributors
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -14,12 +14,11 @@
 # along with this library.  If not, see <http://www.gnu.org/licenses/>.
 
 # From
-    # set firewall zone <zone> interface <iface>
+#   set firewall zone <zone> interface RED
+#   set firewall zone <zone> interface eth0
 # To
-    # set firewall zone <zone> member interface <iface>
-    # or
-    # set firewall zone <zone> member vrf <vrf>
-
+#   set firewall zone <zone> member vrf RED
+#   set firewall zone <zone> member interface eth0
 
 from vyos.configtree import ConfigTree
 
@@ -31,7 +30,12 @@ def migrate(config: ConfigTree) -> None:
         return
 
     for zone in config.list_nodes(base):
-        if config.exists(base + [zone, 'interface']):
-            for iface in config.return_values(base + [zone, 'interface']):
-                config.set(base + [zone, 'member', 'interface'], value=iface, replace=False)
-            config.delete(base + [zone, 'interface'])
-\ No newline at end of file
+        zone_iface_base = base + [zone, 'interface']
+        zone_member_base = base + [zone, 'member']
+        if config.exists(zone_iface_base):
+            for iface in config.return_values(zone_iface_base):
+                if config.exists(['vrf', 'name', iface]):
+                    config.set(zone_member_base + ['vrf'], value=iface, replace=False)
+                else:
+                    config.set(zone_member_base + ['interface'], value=iface, replace=False)
+            config.delete(zone_iface_base)
author	Christian Breunig <christian@breunig.cc>	2025-01-06 11:56:53 +0100
committer	Christian Breunig <christian@breunig.cc>	2025-01-06 12:05:22 +0100
commit	dda428fc42c44decb3e661a7b6ba4e55b178dc4f (patch)
tree	a2f3f705ceeed8bcbdff985e7b1b26f63572852f /src/migration-scripts
parent	3b04cc29f0baf618351d67b4d6aa47f55b54bb20 (diff)
download	vyos-1x-dda428fc42c44decb3e661a7b6ba4e55b178dc4f.tar.gz vyos-1x-dda428fc42c44decb3e661a7b6ba4e55b178dc4f.zip