authorDaniil Baturin <daniil@vyos.io>2025-03-25 15:20:48 +0000
committerGitHub <noreply@github.com>2025-03-25 15:20:48 +0000
commit1c66841323ba1fa4f90d3ce3de6ef7cebc07ed97 (patch)
tree91c8431c6b5f238d9251177ff0ee1985ad29aef6 /src/op_mode
parent3fee8ec30dce8f3987fe468d29109ed4e1bc492a (diff)
parent9e2bdc96ea63e7ee1adb002df17e0d9ecc1cd410 (diff)
Merge pull request #4326 from Embezzle/T5493
firewall: T5493: Implement remote-group
Diffstat (limited to 'src/op_mode')
-rwxr-xr-xsrc/op_mode/firewall.py34
1 files changed, 20 insertions, 14 deletions
diff --git a/src/op_mode/firewall.py b/src/op_mode/firewall.py
index c197ca434..7a3ab921d 100755
--- a/src/op_mode/firewall.py
+++ b/src/op_mode/firewall.py
@@ -253,15 +253,17 @@ def output_firewall_name_statistics(family, hook, prior, prior_conf, single_rule
if not source_addr:
source_addr = dict_search_args(rule_conf, 'source', 'group', 'domain_group')
if not source_addr:
- source_addr = dict_search_args(rule_conf, 'source', 'fqdn')
+ source_addr = dict_search_args(rule_conf, 'source', 'group', 'remote_group')
if not source_addr:
- source_addr = dict_search_args(rule_conf, 'source', 'geoip', 'country_code')
- if source_addr:
- source_addr = str(source_addr)[1:-1].replace('\'','')
- if 'inverse_match' in dict_search_args(rule_conf, 'source', 'geoip'):
- source_addr = 'NOT ' + str(source_addr)
+ source_addr = dict_search_args(rule_conf, 'source', 'fqdn')
if not source_addr:
- source_addr = 'any'
+ source_addr = dict_search_args(rule_conf, 'source', 'geoip', 'country_code')
+ if source_addr:
+ source_addr = str(source_addr)[1:-1].replace('\'','')
+ if 'inverse_match' in dict_search_args(rule_conf, 'source', 'geoip'):
+ source_addr = 'NOT ' + str(source_addr)
+ if not source_addr:
+ source_addr = 'any'
# Get destination
dest_addr = dict_search_args(rule_conf, 'destination', 'address')
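Review bot: Each new match type lengthens the `if not source_addr:` fallback chain here, and the same edit has to be repeated for `dest_addr` in the next hunk. A type missed in either copy falls through to `'any'`, which would mislead an operator auditing the ruleset from this output (this appears to be how remote-group rules were displayed before this change). A small helper that walks an ordered list of config paths would keep source and destination in sync and avoid re-indenting the geoip handling every time. The enclosing function starts and ends outside the hunk, so the earlier lookups in the chain are only indicated in the sketch below.

```python
def _first_configured(rule_conf, side, paths):
    # Return the first non-empty value among the given config paths, else None
    for path in paths:
        value = dict_search_args(rule_conf, side, *path)
        if value:
            return value
    return None

# Ordered as in the existing chain; lookups before domain_group are outside the hunk
ADDR_PATHS = (
    # … unchanged: earlier lookups (address, other groups) …
    ('group', 'domain_group'),
    ('group', 'remote_group'),
    ('fqdn',),
)

source_addr = _first_configured(rule_conf, 'source', ADDR_PATHS)
# … unchanged: geoip country_code / inverse_match handling and 'any' fallback …
```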
@@ -272,15 +274,17 @@ def output_firewall_name_statistics(family, hook, prior, prior_conf, single_rule
if not dest_addr:
dest_addr = dict_search_args(rule_conf, 'destination', 'group', 'domain_group')
if not dest_addr:
- dest_addr = dict_search_args(rule_conf, 'destination', 'fqdn')
+ dest_addr = dict_search_args(rule_conf, 'destination', 'group', 'remote_group')
if not dest_addr:
- dest_addr = dict_search_args(rule_conf, 'destination', 'geoip', 'country_code')
- if dest_addr:
- dest_addr = str(dest_addr)[1:-1].replace('\'','')
- if 'inverse_match' in dict_search_args(rule_conf, 'destination', 'geoip'):
- dest_addr = 'NOT ' + str(dest_addr)
+ dest_addr = dict_search_args(rule_conf, 'destination', 'fqdn')
if not dest_addr:
- dest_addr = 'any'
+ dest_addr = dict_search_args(rule_conf, 'destination', 'geoip', 'country_code')
+ if dest_addr:
+ dest_addr = str(dest_addr)[1:-1].replace('\'','')
+ if 'inverse_match' in dict_search_args(rule_conf, 'destination', 'geoip'):
+ dest_addr = 'NOT ' + str(dest_addr)
+ if not dest_addr:
+ dest_addr = 'any'
# Get inbound interface
iiface = dict_search_args(rule_conf, 'inbound_interface', 'name')
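Review bot: `str(dest_addr)[1:-1].replace('\'','')` formats the geoip country codes by slicing the list's repr, which only works if `country_code` is always a list; a single string would silently lose its first and last character. The line is only re-indented by this change, but since it is touched here and in the source hunk above, `dest_addr = ', '.join(dest_addr)` (and the same for `source_addr`) would state the intent directly, assuming the value is a list of strings. The surrounding function extends beyond the hunk, so the value's type cannot be confirmed from here.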
@@ -571,6 +575,8 @@ def show_firewall_group(name=None):
row.append("\n".join(sorted(group_conf['port'])))
elif 'interface' in group_conf:
row.append("\n".join(sorted(group_conf['interface'])))
+ elif 'url' in group_conf:
+ row.append(group_conf['url'])
else:
row.append('N/D')
rows.append(row)
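Review bot: The new `elif 'url' in group_conf` branch prints the remote-group URL verbatim in the group table. If the URL syntax accepted by the config permits userinfo or token-style query parameters (not visible in this hunk), those would be shown to anyone allowed to run this op-mode command and would end up in captured output or support bundles; consider displaying only scheme, host and path, e.g. by parsing with `urllib.parse.urlsplit`. Unlike the sibling branches, it also appends the value without `"\n".join(sorted(...))`, so it assumes `url` is a single string; a comment such as `# remote-group holds exactly one URL string` would make that explicit. The body of show_firewall_group extends outside the hunk.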