From dda428fc42c44decb3e661a7b6ba4e55b178dc4f Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 6 Jan 2025 11:56:53 +0100 Subject: T6841: firewall: migrate existing VRF in zone based firewall VRF support was introduced in VyOS 1.4.0. If a VRF is added as an interface in the zone based firewall, it will be migrated to the new syntax. OLD: set firewall zone FOO interface RED set firewall zone FOO interface eth0 NEW: set firewall zone FOO member vrf RED set firewall zone FOO member interface eth0
---
 src/migration-scripts/firewall/17-to-18 | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
(limited to 'src')
diff --git a/src/migration-scripts/firewall/17-to-18 b/src/migration-scripts/firewall/17-to-18
index 891f9f195..34ce6aa07 100755
--- a/src/migration-scripts/firewall/17-to-18
+++ b/src/migration-scripts/firewall/17-to-18
@@ -1,4 +1,4 @@
-# Copyright (C) 2024 VyOS maintainers and contributors
+# Copyright (C) 2024-2025 VyOS maintainers and contributors
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -14,12 +14,11 @@
 # along with this library. If not, see .
 # From
- # set firewall zone interface
+# set firewall zone interface RED
+# set firewall zone interface eth0
 # To
- # set firewall zone member interface
- # or
- # set firewall zone member vrf
-
+# set firewall zone member vrf RED
+# set firewall zone member interface eth0
 from vyos.configtree import ConfigTree
@@ -31,7 +30,12 @@ def migrate(config: ConfigTree) -> None:
 return
 for zone in config.list_nodes(base):
- if config.exists(base + [zone, 'interface']):
- for iface in config.return_values(base + [zone, 'interface']):
- config.set(base + [zone, 'member', 'interface'], value=iface, replace=False)
- config.delete(base + [zone, 'interface'])
\ No newline at end of file
+ zone_iface_base = base + [zone, 'interface']
+ zone_member_base = base + [zone, 'member']
+ if config.exists(zone_iface_base):
+ for iface in config.return_values(zone_iface_base):
+ if config.exists(['vrf', 'name', iface]):
+ config.set(zone_member_base + ['vrf'], value=iface, replace=False)
+ else:
+ config.set(zone_member_base + ['interface'], value=iface, replace=False)
+ config.delete(zone_iface_base)
-- cgit v1.2.3
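Review bot: The new `config.exists(['vrf', 'name', iface])` branch lives in the existing 17-to-18 script, so it presumably only runs for configs still at firewall version 17 and cannot correct configs that already went through the earlier form of this script. Such a config would keep a VRF under `member interface`, and whether the zone policy still matches that VRF's traffic cannot be told from this hunk. If version 18 has already shipped in any image, a follow-up migration that moves `member interface` values matching `vrf name` to `member vrf` would be needed. It would also help to state the classification rule next to the check, e.g. `# an old-style zone interface that names a configured VRF becomes a VRF member`. The body of migrate() starts above the hunk, so its early-return conditions are not visible here.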