-rw-r--r--python/vyos/template.py4
-rwxr-xr-xsrc/conf_mode/nat.py6
-rwxr-xr-xsrc/conf_mode/system_console.py27
3 files changed, 20 insertions, 17 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py
index eb7f06480..62303bd55 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -1,4 +1,4 @@
-# Copyright 2019-2020 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2022 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -550,7 +550,7 @@ def nft_rule(rule_conf, fw_name, rule_id, ip_name='ip'):
@register_filter('nft_default_rule')
def nft_default_rule(fw_conf, fw_name):
output = ['counter']
- default_action = fw_conf.get('default_action', 'accept')
+ default_action = fw_conf.get('default_action', 'drop')
if 'enable_default_log' in fw_conf:
action_suffix = default_action[:1].upper()
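Review bot: The new fallback in `fw_conf.get('default_action', 'drop')` silently changes what an existing chain without an explicit default action does, and nothing at the call site records that this is intentional. Failing closed is the safer default, but any ruleset that relied on the old implicit accept will presumably start dropping unmatched traffic once this lands, so it deserves a migration or release note. I would add a comment above the line, e.g. `# Fail closed: a chain without an explicit default-action drops unmatched traffic`. The body of nft_default_rule continues outside the hunk.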
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 85819a77e..a72e82a83 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -44,7 +44,7 @@ if LooseVersion(kernel_version()) > LooseVersion('5.1'):
else:
k_mod = ['nft_nat', 'nft_chain_nat_ipv4']
-nftables_nat_config = '/tmp/vyos-nat-rules.nft'
+nftables_nat_config = '/run/nftables_nat.conf'
def get_handler(json, chain, target):
""" Get nftable rule handler number of given chain/target combination.
@@ -186,16 +186,12 @@ def generate(nat):
# dry-run newly generated configuration
tmp = run(f'nft -c -f {nftables_nat_config}')
if tmp > 0:
- if os.path.exists(nftables_nat_config):
- os.unlink(nftables_nat_config)
raise ConfigError('Configuration file errors encountered!')
return None
def apply(nat):
cmd(f'nft -f {nftables_nat_config}')
- if os.path.isfile(nftables_nat_config):
- os.unlink(nftables_nat_config)
return None
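Review bot: With both `os.unlink()` calls removed, a ruleset that fails the `nft -c -f` dry run in generate() stays on disk at `/run/nftables_nat.conf`, and a successfully applied one now persists there as well. If anything else ever loads that path it would pick up a rejected ruleset, so I would either keep the removal on the failure branch or state the retention explicitly, e.g. `# rejected ruleset is kept in /run for inspection`. Because the file is now long-lived and describes the NAT layout, it is also worth confirming that it is written with a restrictive mode. The code that renders it is outside this hunk.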
diff --git a/src/conf_mode/system_console.py b/src/conf_mode/system_console.py
index 86985d765..e922edc4e 100755
--- a/src/conf_mode/system_console.py
+++ b/src/conf_mode/system_console.py
@@ -16,6 +16,7 @@
import os
import re
+from pathlib import Path
from vyos.config import Config
from vyos.configdict import dict_merge
@@ -68,18 +69,15 @@ def verify(console):
# amount of connected devices. We will resolve the fixed device name
# to its dynamic device file - and create a new dict entry for it.
by_bus_device = f'{by_bus_dir}/{device}'
- if os.path.isdir(by_bus_dir) and os.path.exists(by_bus_device):
- device = os.path.basename(os.readlink(by_bus_device))
-
- # If the device name still starts with usbXXX no matching tty was found
- # and it can not be used as a serial interface
- if device.startswith('usb'):
- raise ConfigError(f'Device {device} does not support beeing used as tty')
+ # If the device name still starts with usbXXX no matching tty was found
+ # and it can not be used as a serial interface
+ if not os.path.isdir(by_bus_dir) or not os.path.exists(by_bus_device):
+ raise ConfigError(f'Device {device} does not support beeing used as tty')
return None
def generate(console):
- base_dir = '/etc/systemd/system'
+ base_dir = '/run/systemd/system'
# Remove all serial-getty configuration files in advance
for root, dirs, files in os.walk(base_dir):
for basename in files:
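Review bot: The cleanup walk at the end of this hunk now covers only `/run/systemd/system`, so serial-getty unit files that an earlier version wrote under `/etc/systemd/system` are no longer removed by generate(). systemd gives `/etc/systemd/system` precedence over `/run/systemd/system`, so on a system that still carries such files the stale units would presumably shadow the freshly rendered ones; a one-time cleanup of the old directory or a migration step would close that gap. Separately, the comment kept above the new check in verify() still says the device name "still starts with usbXXX", although the name is no longer resolved there; `# The by-bus symlink must exist, otherwise no tty is bound to this USB port` would match what is tested. Both verify() and generate() extend outside the hunk.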
@@ -90,7 +88,8 @@ def generate(console):
if not console or 'device' not in console:
return None
- for device, device_config in console['device'].items():
+ # replace keys in the config for ttyUSB items to use them in `apply()` later
+ for device in console['device'].copy():
if device.startswith('usb'):
# It is much easiert to work with the native ttyUSBn name when using
# getty, but that name may change across reboots - depending on the
@@ -98,9 +97,17 @@ def generate(console):
# to its dynamic device file - and create a new dict entry for it.
by_bus_device = f'{by_bus_dir}/{device}'
if os.path.isdir(by_bus_dir) and os.path.exists(by_bus_device):
- device = os.path.basename(os.readlink(by_bus_device))
+ device_updated = os.path.basename(os.readlink(by_bus_device))
+
+ # replace keys in the config to use them in `apply()` later
+ console['device'][device_updated] = console['device'][device]
+ del console['device'][device]
+ else:
+ raise ConfigError(f'Device {device} does not support beeing used as tty')
+ for device, device_config in console['device'].items():
config_file = base_dir + f'/serial-getty@{device}.service'
+ Path(f'{base_dir}/getty.target.wants').mkdir(exist_ok=True)
getty_wants_symlink = base_dir + f'/getty.target.wants/serial-getty@{device}.service'
render(config_file, 'getty/serial-getty.service.j2', device_config)
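Review bot: The key swap `console['device'][device_updated] = console['device'][device]` overwrites without checking, so if the resolved name is already a key (for instance a `ttyUSB0` entry configured next to a `usb…` entry whose symlink resolves to `ttyUSB0`, assuming the CLI permits both) one device configuration is silently dropped. A guard before the assignment, `if device_updated in console['device']: raise ConfigError(...)`, would surface the conflict instead. The `Path(f'{base_dir}/getty.target.wants').mkdir(exist_ok=True)` call is loop-invariant and could move above the `for`; it also lacks `parents=True`, so it raises if `base_dir` does not exist yet. The loop header for the key replacement sits in the previous hunk and generate() continues past this one.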