Diffstat (limited to 'plugins/module_utils')
3 files changed, 49 insertions, 9 deletions
diff --git a/plugins/module_utils/network/vyos/argspec/firewall_interfaces/firewall_interfaces.py b/plugins/module_utils/network/vyos/argspec/firewall_interfaces/firewall_interfaces.py
index a613ccd3..93c898e8 100644
--- a/plugins/module_utils/network/vyos/argspec/firewall_interfaces/firewall_interfaces.py
+++ b/plugins/module_utils/network/vyos/argspec/firewall_interfaces/firewall_interfaces.py
@@ -25,6 +25,7 @@ The arg spec for the vyos_firewall_interfaces module
 """
+
 from __future__ import absolute_import, division, print_function
@@ -45,7 +46,10 @@ class Firewall_interfacesArgs(object): # pylint: disable=R0903
 "elements": "dict",
 "options": {
 "afi": {
- "choices": ["ipv4", "ipv6"],
+ "choices": [
+ "ipv4",
+ "ipv6",
+ ],
 "required": True,
 "type": "str",
 },
@@ -53,7 +57,11 @@ class Firewall_interfacesArgs(object): # pylint: disable=R0903
 "elements": "dict",
 "options": {
 "direction": {
- "choices": ["in", "local", "out"],
+ "choices": [
+ "in",
+ "local",
+ "out",
+ ],
 "required": True,
 "type": "str",
 },
diff --git a/plugins/module_utils/network/vyos/config/firewall_interfaces/firewall_interfaces.py b/plugins/module_utils/network/vyos/config/firewall_interfaces/firewall_interfaces.py
index 5c4db736..85a8042f 100644
--- a/plugins/module_utils/network/vyos/config/firewall_interfaces/firewall_interfaces.py
+++ b/plugins/module_utils/network/vyos/config/firewall_interfaces/firewall_interfaces.py
@@ -27,6 +27,9 @@ from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.u
 )
 from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.facts import Facts
+from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.utils import (
+ get_interface_type,
+)
 class Firewall_interfaces(ConfigBase):
@@ -393,10 +396,24 @@ class Firewall_interfaces(ConfigBase):
 :param opr: operation flag.
 :return: generated command.
 """
+
+ # Append vif if interface contains a dot
+ vlan = None
+ interface_real = name
+ if "." in name:
+ interface_real, vlan = name.split(".")
+
+ if vlan is not None:
+ interface_real = interface_real + " vif " + vlan
+
+ # if interface name is bondX, then it's a bonding interface. Everything else is an ethernet
+ iftype = get_interface_type(interface_real)
+
 if not opr:
- cmd = "delete interfaces ethernet" + " " + name + " firewall"
+ cmd = "delete interfaces " + iftype + " " + interface_real + " firewall"
 else:
- cmd = "set interfaces ethernet" + " " + name + " firewall"
+ cmd = "set interfaces " + iftype + " " + interface_real + " firewall"
+
 if attrib:
 cmd += " " + attrib
 if afi:
diff --git a/plugins/module_utils/network/vyos/facts/firewall_interfaces/firewall_interfaces.py b/plugins/module_utils/network/vyos/facts/firewall_interfaces/firewall_interfaces.py
index b9804692..bac31920 100644
--- a/plugins/module_utils/network/vyos/facts/firewall_interfaces/firewall_interfaces.py
+++ b/plugins/module_utils/network/vyos/facts/firewall_interfaces/firewall_interfaces.py
@@ -58,7 +58,10 @@ class Firewall_interfacesFacts(object):
 # using mock data instead
 data = self.get_device_data(connection)
 objs = []
- interfaces = findall(r"^set interfaces ethernet (?:\'*)(\S+)(?:\'*)", data, M)
+ # Search all set from configuration with set interface, including ethernet and bonding
+ interfaces_raw = findall(r"^set interfaces \S+ (\S+) firewall (?:\'*)", data, M)
+ interfaces_vif = findall(r"^set interfaces \S+ (\S+) vif (\d+)* firewall (?:\'*)", data, M)
+ interfaces = interfaces_raw + interfaces_vif
 if interfaces:
 objs = self.get_names(data, interfaces)
 ansible_facts["ansible_network_resources"].pop("firewall_interfaces", None)
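Review bot: The added `interface_real, vlan = name.split(".")` raises ValueError for any name with more than one dot, and nothing checks the part after the dot before it is concatenated into the `set`/`delete` command sent to the device. Splitting once and checking the tag would be safer: `interface_real, vlan = name.split(".", 1)` followed by a check such as `if not vlan.isdigit():` that rejects the name through the module's usual failure path. This keeps an empty or malformed suffix from becoming extra command tokens. `get_interface_type` is also called after `" vif " + vlan` has been appended; passing the bare base name would make the type lookup independent of the vif suffix. The function's signature and the rest of its body lie outside this hunk.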
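Review bot: The type wildcard in `^set interfaces \S+ (\S+) firewall` and in the vif variant now collects firewall bindings from every interface type in the device config, while the command builder changed in this commit is commented as mapping names only to bonding or ethernet. If `get_interface_type` (not visible here) really has only those two outcomes, facts read from any other interface type would be rendered back as `ethernet` commands, so firewall rule-set bindings could be set or deleted on the wrong path. Either restrict the pattern to the supported types, e.g. `(?:ethernet|bonding)` in place of the first `\S+`, or extend the type mapping to match. Separately, `(\d+)*` should be `(\d+)` so that a vif match always carries a VLAN id, and the trailing `(?:\'*)` matches nothing useful and can be dropped.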
@@ -83,10 +86,22 @@ class Firewall_interfacesFacts(object):
 """
 names = []
 for r in set(interfaces):
- int_regex = r" %s .+$" % r.strip("'")
- cfg = findall(int_regex, data, M)
- fi = self.render_config(cfg)
- fi["name"] = r.strip("'")
+ myvif = None
+ if isinstance(r, tuple):
+ myinterface, myvif = r
+ else:
+ myinterface = r
+ # Parse interfaces that contains string or tuple when the interface is in a vlan
+ if myvif is not None:
+ int_regex = r" %s vif \d+ firewall .+$" % myinterface
+ cfg = findall(int_regex, data, M)
+ fi = self.render_config(cfg)
+ fi["name"] = myinterface + "." + myvif
+ else:
+ int_regex = r" %s firewall .+$" % myinterface
+ cfg = findall(int_regex, data, M)
+ fi = self.render_config(cfg)
+ fi["name"] = myinterface
 names.append(fi)
 if names:
 names = sorted(names, key=lambda i: i["name"]) |
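Review bot: In the vif branch, `int_regex = r" %s vif \d+ firewall .+$" % myinterface` matches the firewall lines of every VLAN on that parent interface, not only `myvif`. With two vifs on one interface, each `fi` would therefore carry the other's rule-set bindings under its own `name`, and the module would compute firewall changes from wrong facts. Pinning the tag and escaping both values fixes this: `int_regex = r" %s vif %s firewall .+$" % (escape(myinterface), escape(myvif))`, with `escape` imported from `re`; the non-vif branch would benefit from the same `escape`. The previous code stripped `'` from the captured name and the new code does not, so quoted names in the device output, if they occur, would now keep their quotes. The method's signature and its return lie outside the hunk.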