From 76684692f8976aa567cf896586b4e6d3b00385f9 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Fri, 10 Jun 2022 14:57:11 +0000
Subject: firewall: T970: Fix for Regex for domain and check empty group

A top-level domain can be longer than 5 characters,
for example '.photography' and '.accountants'

Firewall group can be added without address:
    * set firewall group domain-group DOMAIN
Check if 'address' exists in group_config
---
 interface-definitions/firewall.xml.in | 2 +-
 src/conf_mode/firewall.py             | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 63095bc20..3250794d3 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -117,7 +117,7 @@
                     <description>Domain address to match</description>
                   </valueHelp>
                   <constraint>
-                    <regex>[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}?(\/.*)?</regex>
+                    <regex>[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,99}?(\/.*)?</regex>
                   </constraint>
                   <multi/>
                 </properties>
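Review bot: The new upper bound `{2,99}` on the last label of the `<regex>` constraint is looser than DNS allows; a label is at most 63 octets, so `{2,63}` is the natural cap. The `[a-z]` class still rejects internationalised TLDs in their ASCII form (`xn--…`), which contain digits and hyphens; if those should be accepted, the last label needs something like `\.(xn--[a-z0-9\-]+|[a-z]{2,63})`. The unchanged `(\/.*)?` tail accepts any characters after a slash, and these values appear to be passed on for name resolution in `firewall.py`, so it is worth confirming that a path suffix is intended for a domain-group address at all.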
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 335098bf1..fbe0a3a13 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -423,8 +423,9 @@ def apply(firewall):
             call('systemctl restart vyos-domain-group-resolve.service')
             for group, group_config in firewall['group']['domain_group'].items():
                 domains = []
-                for address in group_config['address']:
-                    domains.append(address)
+                if group_config.get('address') is not None:
+                    for address in group_config.get('address'):
+                        domains.append(address)
                 # Add elements to domain-group, try to resolve domain => ip
                 # and add elements to nft set
                 ip_dict = get_ips_domains_dict(domains)
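Review bot: `group_config.get('address')` is looked up twice in the added lines, and the guard plus copy loop can collapse into a single line: `domains = list(group_config.get('address') or [])`. For a group defined without any address, `domains` stays empty and the code still continues to `get_ips_domains_dict(domains)` and the nft set update, so it is worth confirming that an empty list is handled there and that a rule referencing an empty domain-group matches the way the operator expects. A short comment such as `# a domain-group may be defined without any address; the resulting set is empty` would document that case. `apply()` starts before this hunk and continues past it, so the handling of `ip_dict` is not visible here.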