2 files changed, 104 insertions, 1 deletions

diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index 33144c7fa..2829edbfb 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -1273,5 +1273,39 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         with self.assertRaises(ConfigSessionError):
             self.cli_commit()
 
+    def test_ipv4_remote_group(self):
+        # Setup base config for test
+        self.cli_set(['firewall', 'group', 'remote-group', 'group01', 'url', 'http://127.0.0.1:80/list.txt'])
+        self.cli_set(['firewall', 'group', 'remote-group', 'group01', 'description', 'Example Group 01'])
+        self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '10', 'action', 'drop'])
+        self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '10', 'protocol', 'tcp'])
+        self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '10', 'destination', 'group', 'remote-group', 'group01'])
+
+        self.cli_commit()
+
+        # Test remote-group had been loaded correctly in nft
+        nftables_search = [
+            ['R_group01'],
+            ['type ipv4_addr'],
+            ['flags interval'],
+            ['meta l4proto', 'daddr @R_group01', "ipv4-INP-filter-10"]
+        ]
+        self.verify_nftables(nftables_search, 'ip vyos_filter')
+
+        # Test remote-group cannot be configured without a URL
+        self.cli_delete(['firewall', 'group', 'remote-group', 'group01', 'url'])
+
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+        self.cli_discard()
+
+        # Test remote-group cannot be set alongside address in rules
+        self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '10', 'destination', 'address', '127.0.0.1'])
+
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+        self.cli_discard()
+
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_protocols_mpls.py b/smoketest/scripts/cli/test_protocols_mpls.py
index 654f2f099..3840c24f4 100755
--- a/smoketest/scripts/cli/test_protocols_mpls.py
+++ b/smoketest/scripts/cli/test_protocols_mpls.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021-2024 VyOS maintainers and contributors
+# Copyright (C) 2021-2025 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -121,5 +121,74 @@ class TestProtocolsMPLS(VyOSUnitTestSHIM.TestCase):
         for interface in interfaces:
             self.assertIn(f'  interface {interface}', afiv4_config)
 
+    def test_02_mpls_disable_establish_hello(self):
+        router_id = '1.2.3.4'
+        transport_ipv4_addr = '5.6.7.8'
+        transport_ipv6_addr = '2001:db8:1111::1111'
+        interfaces = Section.interfaces('ethernet')
+
+        self.cli_set(base_path + ['router-id', router_id])
+
+        # At least one LDP interface must be configured
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+        for interface in interfaces:
+            self.cli_set(base_path + ['interface', interface, 'disable-establish-hello'])
+
+        # LDP transport address missing
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+        self.cli_set(base_path + ['discovery', 'transport-ipv4-address', transport_ipv4_addr])
+        self.cli_set(base_path + ['discovery', 'transport-ipv6-address', transport_ipv6_addr])
+
+        # Commit changes
+        self.cli_commit()
+
+        # Validate configuration
+        frrconfig = self.getFRRconfig('mpls ldp', endsection='^exit')
+        self.assertIn(f'mpls ldp', frrconfig)
+        self.assertIn(f' router-id {router_id}', frrconfig)
+
+        # Validate AFI IPv4
+        afiv4_config = self.getFRRconfig('mpls ldp', endsection='^exit',
+                                         substring=' address-family ipv4',
+                                         endsubsection='^ exit-address-family')
+        self.assertIn(f'  discovery transport-address {transport_ipv4_addr}', afiv4_config)
+        for interface in interfaces:
+            self.assertIn(f'  interface {interface}', afiv4_config)
+            self.assertIn(f'   disable-establish-hello', afiv4_config)
+
+        # Validate AFI IPv6
+        afiv6_config = self.getFRRconfig('mpls ldp', endsection='^exit',
+                                         substring=' address-family ipv6',
+                                         endsubsection='^ exit-address-family')
+        self.assertIn(f'  discovery transport-address {transport_ipv6_addr}', afiv6_config)
+        for interface in interfaces:
+            self.assertIn(f'  interface {interface}', afiv6_config)
+            self.assertIn(f'   disable-establish-hello', afiv6_config)
+
+        # Delete disable-establish-hello
+        for interface in interfaces:
+            self.cli_delete(base_path + ['interface', interface, 'disable-establish-hello'])
+
+        # Commit changes
+        self.cli_commit()
+
+        # Validate AFI IPv4
+        afiv4_config = self.getFRRconfig('mpls ldp', endsection='^exit',
+                                         substring=' address-family ipv4',
+                                         endsubsection='^ exit-address-family')
+        # Validate AFI IPv6
+        afiv6_config = self.getFRRconfig('mpls ldp', endsection='^exit',
+                                         substring=' address-family ipv6',
+                                         endsubsection='^ exit-address-family')
+        # Check deleted 'disable-establish-hello' option per interface
+        for interface in interfaces:
+            self.assertIn(f'  interface {interface}', afiv4_config)
+            self.assertNotIn(f'   disable-establish-hello', afiv4_config)
+            self.assertIn(f'  interface {interface}', afiv6_config)
+            self.assertNotIn(f'   disable-establish-hello', afiv6_config)
+
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)