Diffstat (limited to 'python')
-rw-r--r--python/vyos/firewall.py20
-rw-r--r--python/vyos/opmode.py5
2 files changed, 22 insertions, 3 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 28ebf282c..eee11bd2d 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -226,6 +226,14 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
operator = '!=' if exclude else '=='
operator = f'& {address_mask} {operator}'
output.append(f'{ip_name} {prefix}addr {operator} @A{def_suffix}_{group_name}')
+ elif 'dynamic_address_group' in group:
+ group_name = group['dynamic_address_group']
+ operator = ''
+ exclude = group_name[0] == "!"
+ if exclude:
+ operator = '!='
+ group_name = group_name[1:]
+ output.append(f'{ip_name} {prefix}addr {operator} @DA{def_suffix}_{group_name}')
# Generate firewall group domain-group
elif 'domain_group' in group:
group_name = group['domain_group']
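Review bot: In the new `dynamic_address_group` branch, `group_name[0] == "!"` raises IndexError if the configured value is ever an empty string, and the non-negated case leaves `operator` empty, so the emitted match carries a doubled space before `@DA…`. `exclude = group_name.startswith('!')` is safe on empty input, and building the match with `operator = '!=' if exclude else ''` keeps it in line with the address-group branch above. The group name is interpolated straight into the nft set reference, so this branch presumably relies on the configuration validators to restrict its characters; that is worth confirming for the new node. A leading comment such as `# Generate firewall group dynamic-address-group` would match the domain-group branch that follows. parse_rule starts and ends outside this hunk.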
@@ -419,6 +427,18 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
output.append('counter')
+ if 'add_address_to_group' in rule_conf:
+ for side in ['destination_address', 'source_address']:
+ if side in rule_conf['add_address_to_group']:
+ prefix = side[0]
+ side_conf = rule_conf['add_address_to_group'][side]
+ dyn_group = side_conf['address_group']
+ if 'timeout' in side_conf:
+ timeout_value = side_conf['timeout']
+ output.append(f'set update ip{def_suffix} {prefix}addr timeout {timeout_value} @DA{def_suffix}_{dyn_group}')
+ else:
+ output.append(f'set update ip{def_suffix} saddr @DA{def_suffix}_{dyn_group}')
+
if 'set' in rule_conf:
output.append(parse_policy_set(rule_conf['set'], def_suffix))
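Review bot: The `else` branch of the `add_address_to_group` block hard-codes `saddr`, so a `destination_address` entry without a timeout emits an update that adds the packet's source address to the set instead of its destination. The `timeout` branch uses `{prefix}addr` correctly, so the no-timeout line should read `output.append(f'set update ip{def_suffix} {prefix}addr @DA{def_suffix}_{dyn_group}')`. Because these sets are matched by other rules, putting the wrong side's addresses into them changes which hosts those rules match, so a test covering destination without timeout is worth adding. The loop also rebinds `prefix`, which the group-matching code earlier in parse_rule uses as well; a distinct name such as `side_prefix` would avoid any coupling with code outside this hunk.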
diff --git a/python/vyos/opmode.py b/python/vyos/opmode.py
index 230a85541..e1af1a682 100644
--- a/python/vyos/opmode.py
+++ b/python/vyos/opmode.py
@@ -1,4 +1,4 @@
-# Copyright 2022-2023 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2022-2024 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -81,7 +81,7 @@ class InternalError(Error):
def _is_op_mode_function_name(name):
- if re.match(r"^(show|clear|reset|restart|add|delete|generate|set)", name):
+ if re.match(r"^(show|clear|reset|restart|add|update|delete|generate|set)", name):
return True
else:
return False
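Review bot: `re.match` in `_is_op_mode_function_name` anchors only the start of the name, so every verb in the alternation, including the newly added `update`, also accepts longer identifiers that merely begin with it (constructed examples: `updater`, `settings`). If this predicate is what decides which module functions are exposed as op-mode commands, which is not visible in this hunk, a helper with such a name would become callable from the CLI or API unintentionally. Requiring a separator, `r"^(show|clear|reset|restart|add|update|delete|generate|set)(_|$)"`, closes that gap, provided no existing op-mode function relies on the looser match. The `if`/`else` can also collapse to `return bool(re.match(...))`.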
@@ -275,4 +275,3 @@ def run(module):
# Other functions should not return anything,
# although they may print their own warnings or status messages
func(**args)
-