From 27daf4a6cd4928be41ed08330ccc1b7f04ad2638 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 12 Feb 2022 08:44:43 +0100 Subject: policy: T2199: bugfix verify_rule() on negated groups Related to #1215 --- src/conf_mode/policy-route.py | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/conf_mode') diff --git a/src/conf_mode/policy-route.py b/src/conf_mode/policy-route.py index 82f668acf..3d1d7d8c5 100755 --- a/src/conf_mode/policy-route.py +++ b/src/conf_mode/policy-route.py @@ -123,6 +123,10 @@ def verify_rule(policy, name, rule_conf, ipv6): for group in valid_groups: if group in side_conf['group']: group_name = side_conf['group'][group] + + if group_name.startswith('!'): + group_name = group_name[1:] + fw_group = f'ipv6_{group}' if ipv6 and group in ['address_group', 'network_group'] else group error_group = fw_group.replace("_", "-") group_obj = dict_search_args(policy['firewall_group'], fw_group, group_name) -- cgit v1.2.3