diff options
Diffstat (limited to 'src/conf_mode')
| -rwxr-xr-x | src/conf_mode/firewall.py | 1 | ||||
| -rwxr-xr-x | src/conf_mode/protocols_nhrp.py | 8 | ||||
| -rwxr-xr-x | src/conf_mode/service_monitoring_telegraf.py | 2 |
3 files changed, 5 insertions, 6 deletions
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py index f6caf2f0b..f8ad1f798 100755 --- a/src/conf_mode/firewall.py +++ b/src/conf_mode/firewall.py @@ -48,7 +48,6 @@ airbag.enable() policy_route_conf_script = '/usr/libexec/vyos/conf_mode/policy-route.py' nftables_conf = '/run/nftables.conf' - nftables_zone_conf = '/run/nftables_zone.conf' nftables6_zone_conf = '/run/nftables_zone6.conf' diff --git a/src/conf_mode/protocols_nhrp.py b/src/conf_mode/protocols_nhrp.py index b247ce2ab..991fcc7eb 100755 --- a/src/conf_mode/protocols_nhrp.py +++ b/src/conf_mode/protocols_nhrp.py @@ -94,15 +94,15 @@ def apply(nhrp): comment = f'VYOS_NHRP_{tunnel}' source_address = nhrp['if_tunnel'][tunnel]['source_address'] - rule_handle = find_nftables_rule('ip filter', 'VYOS_FW_OUTPUT', ['ip protocol gre', f'ip saddr {source_address}', 'ip daddr 224.0.0.0/4']) + rule_handle = find_nftables_rule('ip vyos_filter', 'VYOS_FW_OUTPUT', ['ip protocol gre', f'ip saddr {source_address}', 'ip daddr 224.0.0.0/4']) if not rule_handle: - run(f'sudo nft insert rule ip filter VYOS_FW_OUTPUT ip protocol gre ip saddr {source_address} ip daddr 224.0.0.0/4 counter drop comment "{comment}"') + run(f'sudo nft insert rule ip vyos_filter VYOS_FW_OUTPUT ip protocol gre ip saddr {source_address} ip daddr 224.0.0.0/4 counter drop comment "{comment}"') for tunnel in nhrp['del_tunnels']: comment = f'VYOS_NHRP_{tunnel}' - rule_handle = find_nftables_rule('ip filter', 'VYOS_FW_OUTPUT', [f'comment "{comment}"']) + rule_handle = find_nftables_rule('ip vyos_filter', 'VYOS_FW_OUTPUT', [f'comment "{comment}"']) if rule_handle: - remove_nftables_rule('ip filter', 'VYOS_FW_OUTPUT', rule_handle) + remove_nftables_rule('ip vyos_filter', 'VYOS_FW_OUTPUT', rule_handle) action = 'restart' if nhrp and 'tunnel' in nhrp else 'stop' run(f'systemctl {action} opennhrp.service') diff --git a/src/conf_mode/service_monitoring_telegraf.py b/src/conf_mode/service_monitoring_telegraf.py index 53df006a4..427cb6911 100755 --- a/src/conf_mode/service_monitoring_telegraf.py +++ b/src/conf_mode/service_monitoring_telegraf.py @@ -42,7 +42,7 @@ systemd_override = '/etc/systemd/system/telegraf.service.d/10-override.conf' def get_nft_filter_chains(): """ Get nft chains for table filter """ - nft = cmd('nft --json list table ip filter') + nft = cmd('nft --json list table ip vyos_filter') nft = json.loads(nft) chain_list = [] |