From 76684692f8976aa567cf896586b4e6d3b00385f9 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Fri, 10 Jun 2022 14:57:11 +0000
Subject: firewall: T970: Fix for Regex for domain and check empty group

It can be more then 5 symbols in top-level-domain address
for example '.photography' and '.accountants'

Firewall group can be added without address:
    * set firewall group domain-group DOMAIN
Check if 'address' exists in group_config
---
 src/conf_mode/firewall.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/conf_mode/firewall.py')

diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 335098bf1..fbe0a3a13 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -423,8 +423,9 @@ def apply(firewall):
             call('systemctl restart vyos-domain-group-resolve.service')
             for group, group_config in firewall['group']['domain_group'].items():
                 domains = []
-                for address in group_config['address']:
-                    domains.append(address)
+                if group_config.get('address') is not None:
+                    for address in group_config.get('address'):
+                        domains.append(address)
                 # Add elements to domain-group, try to resolve domain => ip
                 # and add elements to nft set
                 ip_dict = get_ips_domains_dict(domains)
-- 
cgit v1.2.3