From deb9bfa02863ea28104f36558ed4e90caba792e3 Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Sun, 9 Jan 2022 23:35:30 +0100 Subject: policy: T4155: Fix using incorrect table variable --- python/vyos/firewall.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index 8b7402b7e..414ec89c1 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -209,7 +209,7 @@ def parse_policy_set(set_conf, def_suffix): table = set_conf['table'] if table == 'main': table = '254' - mark = 0x7FFFFFFF - int(set_conf['table']) + mark = 0x7FFFFFFF - int(table) out.append(f'meta mark set {mark}') if 'tcp_mss' in set_conf: mss = set_conf['tcp_mss'] -- cgit v1.2.3 From 67ab8154685638b373b139aaf9a936cbcb83a84f Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Sun, 9 Jan 2022 23:36:31 +0100 Subject: firewall: 4149: Fix verify steps being bypassed when base node is removed --- src/conf_mode/firewall.py | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py index 75382034f..0b4c0854f 100755 --- a/src/conf_mode/firewall.py +++ b/src/conf_mode/firewall.py @@ -104,9 +104,6 @@ def get_config(config=None): conf = Config() base = ['firewall'] - if not conf.exists(base): - return {} - firewall = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True) @@ -169,10 +166,6 @@ def verify_rule(firewall, rule_conf, ipv6): raise ConfigError('Protocol must be tcp, udp, or tcp_udp when specifying a port or port-group') def verify(firewall): - # bail out early - looks like removal from running config - if not firewall: - return None - if 'config_trap' in firewall and firewall['config_trap'] == 'enable': if not firewall['trap_targets']: raise ConfigError(f'Firewall config-trap enabled but "service snmp trap-target" is not defined') -- cgit v1.2.3