From 0cc7e0a49094be809cccff9fb44288d883e6ef05 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Mon, 29 Aug 2022 14:55:32 +0000
Subject: firewall: T4655: Fix default action 'drop' for the firewall

For some reason, after the firewall rewrite the default action is
'accept' in 1.4, whereas it is 'drop' in 1.3.
Fix this by setting the default action to 'drop'.
---
 python/vyos/template.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'python')

diff --git a/python/vyos/template.py b/python/vyos/template.py
index eb7f06480..62303bd55 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -1,4 +1,4 @@
-# Copyright 2019-2020 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2022 VyOS maintainers and contributors <maintainers@vyos.io>
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -550,7 +550,7 @@ def nft_rule(rule_conf, fw_name, rule_id, ip_name='ip'):
 @register_filter('nft_default_rule')
 def nft_default_rule(fw_conf, fw_name):
     output = ['counter']
-    default_action = fw_conf.get('default_action', 'accept')
+    default_action = fw_conf.get('default_action', 'drop')
 
     if 'enable_default_log' in fw_conf:
         action_suffix = default_action[:1].upper()
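Review bot: The new fallback `'drop'` in `nft_default_rule` is a bare literal, and nothing on the line tells a maintainer that it is the deliberate fail-closed choice rather than an arbitrary default. I would add a comment above it, for example `# Fail closed: a chain without an explicit default-action drops, matching 1.3`. Existing 1.4 configurations that never set `default_action` will change from accept to drop once this lands, so it is worth confirming outside this hunk whether a migration step or release note is needed to avoid cutting off management access on upgrade. Any other code that displays or derives the default action may still assume 'accept' and should be checked for consistency; the function body continues past the end of the hunk, so the remainder was not reviewed.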
-- 
cgit v1.2.3