From ea6eff90407043e1d64a0cd5424ec6e44b04b1d4 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko
Date: Fri, 16 May 2025 10:17:21 +0000
Subject: T7414: Fix conntrack ignore rules for using several ports If we use several port for the `conntrack ignore` there have to be used curly braces for nftables Incorrect format: dport 500,4500 Correct format: dport { 500, 4500 }
---
 python/vyos/template.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'python')
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 11e1cc50f..aa215db95 100755
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -728,7 +728,7 @@ def conntrack_rule(rule_conf, rule_id, action, ipv6=False):
 if port[0] == '!':
 operator = '!='
 port = port[1:]
- output.append(f'th {prefix}port {operator} {port}')
+ output.append(f'th {prefix}port {operator} {{ {port} }}')

 if 'group' in side_conf:
 group = side_conf['group']
-- 
cgit v1.2.3
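Review bot: On the new `output.append` line, `port` is interpolated straight into an nftables set expression, and nothing in the visible lines checks that it holds only port numbers, ranges and commas. Presumably the CLI validators enforce that before `conntrack_rule` is called, but this should be confirmed, because a malformed value now lands inside `{ ... }` and would make the generated ruleset fail to load. The line also deserves a short comment such as `# nft requires an anonymous set for a comma-separated port list; a single port in braces is equally valid`, so the doubled braces in the f-string are not "simplified" away later. The diffstat shows only `template.py` changed, so no test covers the multi-port case or the negated form `!= { 500, 4500 }`; a smoketest for both would keep this from regressing. The body of `conntrack_rule` starts and ends outside this hunk.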