From df176d9b9b4cc67ae509ae2ff17a02f2520cc881 Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Tue, 29 Oct 2024 19:05:52 +0000 Subject: T6841: firewall: improve config parsing for ZBF when using VRFs and interfaces attached to VRFs --- src/migration-scripts/firewall/16-to-17 | 0 src/migration-scripts/firewall/17-to-18 | 36 +++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) mode change 100755 => 100644 src/migration-scripts/firewall/16-to-17 create mode 100755 src/migration-scripts/firewall/17-to-18 (limited to 'src/migration-scripts') diff --git a/src/migration-scripts/firewall/16-to-17 b/src/migration-scripts/firewall/16-to-17 old mode 100755 new mode 100644 diff --git a/src/migration-scripts/firewall/17-to-18 b/src/migration-scripts/firewall/17-to-18 new file mode 100755 index 000000000..af16ba8ec --- /dev/null +++ b/src/migration-scripts/firewall/17-to-18 @@ -0,0 +1,36 @@ +# Copyright (C) 2024 VyOS maintainers and contributors +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library. If not, see . + +# From + # set firewall zone interface +# To + # set firewall zone interface name + # or + # set firewall zone interface vrf + + +from vyos.configtree import ConfigTree + +base = ['firewall', 'zone'] + +def migrate(config: ConfigTree) -> None: + if not config.exists(base): + # Nothing to do + return + + for zone in config.list_nodes(base): + if config.exists(base + [zone, 'interface']): + for iface in config.return_values(base + [zone, 'interface']): + config.set(base + [zone, 'interface', 'name'], value=iface, replace=False) \ No newline at end of file -- cgit v1.2.3