From 9a5dfb4b7ec9e065a73511a38e1713aec03eee0e Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Fri, 28 Oct 2022 18:19:47 +0000
Subject: T4780: Firewall: add firewall groups in firewall. Extend matching
 criteria so this new group can be used in inbound and outbound matcher

---
 data/templates/firewall/nftables-defines.j2 | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'data')

diff --git a/data/templates/firewall/nftables-defines.j2 b/data/templates/firewall/nftables-defines.j2
index 5336f7ee6..b9ebf4d5c 100644
--- a/data/templates/firewall/nftables-defines.j2
+++ b/data/templates/firewall/nftables-defines.j2
@@ -77,5 +77,18 @@
     }
 {%         endfor %}
 {%     endif %}
+{%     if group.interface_group is vyos_defined %}
+{%         for group_name, group_conf in group.interface_group.items() %}
+{%             set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
+    set I_{{ group_name }} {
+        type ifname
+        flags interval
+        auto-merge
+{%             if group_conf.interface is vyos_defined or includes %}
+        elements = { {{ group_conf.interface | nft_nested_group(includes, group.interface_group, 'interface') | join(",") }} }
+{%             endif %}
+    }
+{%         endfor %}
+{%     endif %}
 {% endif %}
 {% endmacro %}
-- 
cgit v1.2.3