summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2023-12-07 15:21:04 +0000
committerGitHub <noreply@github.com>2023-12-07 15:21:04 +0000
commitf604c177c5182719674c6540006eb10571bc81a4 (patch)
treefa9eec1af54e4117e926877aa83afcdcff32166d /src
parent264f23b95090ada20eef796525383697a06c13cb (diff)
parent4ded8814f036b921a04a54850ca6717aafe91a52 (diff)
downloadvyos-1x-f604c177c5182719674c6540006eb10571bc81a4.tar.gz
vyos-1x-f604c177c5182719674c6540006eb10571bc81a4.zip
Merge pull request #2539 from nicolas-fort/T5775
T5775: firewall: re-add state-policy to firewall. These commands are …
Diffstat (limited to 'src')
-rwxr-xr-xsrc/migration-scripts/firewall/10-to-1118
-rwxr-xr-xsrc/migration-scripts/firewall/12-to-139
2 files changed, 14 insertions, 13 deletions
diff --git a/src/migration-scripts/firewall/10-to-11 b/src/migration-scripts/firewall/10-to-11
index b739fb139..e14ea0e51 100755
--- a/src/migration-scripts/firewall/10-to-11
+++ b/src/migration-scripts/firewall/10-to-11
@@ -63,19 +63,11 @@ if not config.exists(base):
### Migration of state policies
if config.exists(base + ['state-policy']):
- for family in ['ipv4', 'ipv6']:
- for hook in ['forward', 'input', 'output']:
- for priority in ['filter']:
- # Add default-action== accept for compatibility reasons:
- config.set(base + [family, hook, priority, 'default-action'], value='accept')
- position = 1
- for state in config.list_nodes(base + ['state-policy']):
- action = config.return_value(base + ['state-policy', state, 'action'])
- config.set(base + [family, hook, priority, 'rule'])
- config.set_tag(base + [family, hook, priority, 'rule'])
- config.set(base + [family, hook, priority, 'rule', position, 'state', state], value='enable')
- config.set(base + [family, hook, priority, 'rule', position, 'action'], value=action)
- position = position + 1
+ for state in config.list_nodes(base + ['state-policy']):
+ action = config.return_value(base + ['state-policy', state, 'action'])
+ config.set(base + ['global-options', 'state-policy', state, 'action'], value=action)
+ if config.exists(base + ['state-policy', state, 'log']):
+ config.set(base + ['global-options', 'state-policy', state, 'log'], value='enable')
config.delete(base + ['state-policy'])
## migration of global options:
diff --git a/src/migration-scripts/firewall/12-to-13 b/src/migration-scripts/firewall/12-to-13
index 4eaae779b..8396dd9d1 100755
--- a/src/migration-scripts/firewall/12-to-13
+++ b/src/migration-scripts/firewall/12-to-13
@@ -49,6 +49,15 @@ if not config.exists(base):
# Nothing to do
exit(0)
+# State Policy logs:
+if config.exists(base + ['global-options', 'state-policy']):
+ for state in config.list_nodes(base + ['global-options', 'state-policy']):
+ if config.exists(base + ['global-options', 'state-policy', state, 'log']):
+ log_value = config.return_value(base + ['global-options', 'state-policy', state, 'log'])
+ config.delete(base + ['global-options', 'state-policy', state, 'log'])
+ if log_value == 'enable':
+ config.set(base + ['global-options', 'state-policy', state, 'log'])
+
for family in ['ipv4', 'ipv6', 'bridge']:
if config.exists(base + [family]):
for hook in ['forward', 'input', 'output', 'name']: