author | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-11-06 14:58:19 +0000 |
committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-11-06 14:58:19 +0000 |
commit | 42f5ae2e7e729e78157c24893b984ef30bd0498d (patch) | |
tree | 10e14a0dd798b7503c68e680de1e6478ef58df44 /src | |
parent | fd9e2c24e739fd327f860c45fa00241fd1acca7e (diff) | |
T5541: firewall: fix ZBF template and ruleset generation for loca-zone rules.
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/firewall.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index c66b2a7ec..da22fad68 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -390,6 +390,19 @@ def generate(firewall):
     if not os.path.exists(nftables_conf):
         firewall['first_install'] = True
 
+    if 'zone' in firewall:
+        for local_zone, local_zone_conf in firewall['zone'].items():
+            if 'local_zone' not in local_zone_conf:
+                continue
+
+            local_zone_conf['from_local'] = {}
+
+            for zone, zone_conf in firewall['zone'].items():
+                if zone == local_zone or 'from' not in zone_conf:
+                    continue
+                if local_zone in zone_conf['from']:
+                    local_zone_conf['from_local'][zone] = zone_conf['from'][local_zone]
+
     # Determine if conntrack is needed
     firewall['ipv4_conntrack_action'] = 'return'
     firewall['ipv6_conntrack_action'] = 'return'
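Review bot: The assignment `local_zone_conf['from_local'][zone] = zone_conf['from'][local_zone]` stores a reference, not a copy, so the per-zone rule config now lives under two keys of the same `firewall` dict and any later mutation of one (by the rest of generate(), or by a template that edits its context) silently changes the other; if that is not intended, `copy.deepcopy(...)` or an explicit note would make the invariant clear. The block also injects a synthetic `from_local` key next to user-supplied config nodes without saying what it is, which the ZBF template presumably consumes; a short comment above the outer loop such as `# Collect, per local zone, the rules every other zone declares for traffic "from" that local zone, keyed by the originating zone name, so the template can render the local zone's own chain` would document the contract. generate() starts before the hunk and continues after it, so I cannot see whether the structure is read again before the template renders.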