From de407ab8971d544b4a662bdeabd76c50c29b02d9 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 10 Apr 2022 18:56:36 +0200
Subject: firewall: T4333: migrate to new vyos_defined Jinja2 test

---
 data/templates/firewall/nftables.tmpl | 40 +++++++++++++++++------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

(limited to 'data/templates')

diff --git a/data/templates/firewall/nftables.tmpl b/data/templates/firewall/nftables.tmpl
index 0cc977cf9..3a3f2e04c 100644
--- a/data/templates/firewall/nftables.tmpl
+++ b/data/templates/firewall/nftables.tmpl
@@ -1,6 +1,6 @@
 #!/usr/sbin/nft -f
 
-{% if cleanup_commands is defined %}
+{% if cleanup_commands is vyos_defined %}
 {%   for command in cleanup_commands %}
 {{ command }}
 {%   endfor %}
@@ -9,7 +9,7 @@
 include "/run/nftables_defines.conf"
 
 table ip filter {
-{% if first_install is defined %}
+{% if first_install is vyos_defined %}
     chain VYOS_FW_FORWARD {
         type filter hook forward priority 0; policy accept;
         jump VYOS_POST_FW
@@ -30,14 +30,14 @@ table ip filter {
         ip frag-off & 0x3fff != 0 meta mark set 0xffff1 return
     }
 {% endif %}
-{% if name is defined %}
+{% if name is vyos_defined %}
 {%   set ns = namespace(sets=[]) %}
 {%   for name_text, conf in name.items() %}
     chain NAME_{{ name_text }} {
-{%     if conf.rule is defined %}
-{%       for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not defined %}
+{%     if conf.rule is vyos_defined %}
+{%       for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
         {{ rule_conf | nft_rule(name_text, rule_id) }}
-{%         if rule_conf.recent is defined %}
+{%         if rule_conf.recent is vyos_defined %}
 {%           set ns.sets = ns.sets + [name_text + '_' + rule_id] %}
 {%         endif %}
 {%       endfor %}
@@ -53,15 +53,15 @@ table ip filter {
     }
 {%   endfor %}
 {% endif %}
-{% if state_policy is defined %}
+{% if state_policy is vyos_defined %}
     chain VYOS_STATE_POLICY {
-{%   if state_policy.established is defined %}
+{%   if state_policy.established is vyos_defined %}
         {{ state_policy.established | nft_state_policy('established') }}
 {%   endif %}
-{%   if state_policy.invalid is defined %}
+{%   if state_policy.invalid is vyos_defined %}
         {{ state_policy.invalid | nft_state_policy('invalid') }}
 {%   endif %}
-{%   if state_policy.related is defined %}
+{%   if state_policy.related is vyos_defined %}
         {{ state_policy.related | nft_state_policy('related') }}
 {%   endif %}
         return
@@ -70,7 +70,7 @@ table ip filter {
 }
 
 table ip6 filter {
-{% if first_install is defined %}
+{% if first_install is vyos_defined %}
     chain VYOS_FW6_FORWARD {
         type filter hook forward priority 0; policy accept;
         jump VYOS_POST_FW6
@@ -91,14 +91,14 @@ table ip6 filter {
         exthdr frag exists meta mark set 0xffff1 return
     }
 {% endif %}
-{% if ipv6_name is defined %}
+{% if ipv6_name is vyos_defined %}
 {%   set ns = namespace(sets=[]) %}
 {%   for name_text, conf in ipv6_name.items() %}
     chain NAME6_{{ name_text }} {
-{%     if conf.rule is defined %}
-{%       for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not defined %}
+{%     if conf.rule is vyos_defined %}
+{%       for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
         {{ rule_conf | nft_rule(name_text, rule_id, 'ip6') }}
-{%         if rule_conf.recent is defined %}
+{%         if rule_conf.recent is vyos_defined %}
 {%           set ns.sets = ns.sets + [name_text + '_' + rule_id] %}
 {%         endif %}
 {%       endfor %}
@@ -114,15 +114,15 @@ table ip6 filter {
     }
 {%   endfor %}
 {% endif %}
-{% if state_policy is defined %}
+{% if state_policy is vyos_defined %}
     chain VYOS_STATE_POLICY6 {
-{%   if state_policy.established is defined %}
+{%   if state_policy.established is vyos_defined %}
         {{ state_policy.established | nft_state_policy('established', ipv6=True) }}
 {%   endif %}
-{%   if state_policy.invalid is defined %}
+{%   if state_policy.invalid is vyos_defined %}
         {{ state_policy.invalid | nft_state_policy('invalid', ipv6=True) }}
 {%   endif %}
-{%   if state_policy.related is defined %}
+{%   if state_policy.related is vyos_defined %}
         {{ state_policy.related | nft_state_policy('related', ipv6=True) }}
 {%   endif %}
         return
@@ -130,7 +130,7 @@ table ip6 filter {
 {% endif %}
 }
 
-{% if first_install is defined %}
+{% if first_install is vyos_defined %}
 table ip nat {
     chain PREROUTING {
         type nat hook prerouting priority -100; policy accept;
-- 
cgit v1.2.3