summaryrefslogtreecommitdiff
path: root/src/op_mode/firewall.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/op_mode/firewall.py')
-rwxr-xr-xsrc/op_mode/firewall.py16
1 files changed, 14 insertions, 2 deletions
diff --git a/src/op_mode/firewall.py b/src/op_mode/firewall.py
index 581710b31..9afc40647 100755
--- a/src/op_mode/firewall.py
+++ b/src/op_mode/firewall.py
@@ -127,7 +127,13 @@ def output_firewall_name_statistics(hook, prior, prior_conf, ipv6=False, single_
if not source_addr:
source_addr = dict_search_args(rule_conf, 'source', 'group', 'domain_group')
if not source_addr:
- source_addr = '::/0' if ipv6 else '0.0.0.0/0'
+ source_addr = dict_search_args(rule_conf, 'source', 'fqdn')
+ if not source_addr:
+ source_addr = dict_search_args(rule_conf, 'source', 'geoip', 'country_code')
+ if source_addr and 'inverse_match' in dict_search_args(rule_conf, 'source', 'geoip'):
+ source_addr = '!' + str(source_addr)
+ if not source_addr:
+ source_addr = '::/0' if ipv6 else '0.0.0.0/0'
# Get destination
dest_addr = dict_search_args(rule_conf, 'destination', 'address')
@@ -138,7 +144,13 @@ def output_firewall_name_statistics(hook, prior, prior_conf, ipv6=False, single_
if not dest_addr:
dest_addr = dict_search_args(rule_conf, 'destination', 'group', 'domain_group')
if not dest_addr:
- dest_addr = '::/0' if ipv6 else '0.0.0.0/0'
+ dest_addr = dict_search_args(rule_conf, 'destination', 'fqdn')
+ if not dest_addr:
+ dest_addr = dict_search_args(rule_conf, 'destination', 'geoip', 'country_code')
+ if dest_addr and 'inverse_match' in dict_search_args(rule_conf, 'destination', 'geoip'):
+ dest_addr = '!' + str(dest_addr)
+ if not dest_addr:
+ dest_addr = '::/0' if ipv6 else '0.0.0.0/0'
# Get inbound interface
iiface = dict_search_args(rule_conf, 'inbound_interface', 'interface_name')