T5502: firewall: add validator for interface matcher, and allow only …
…interface-name or interface-group
nicolas-fort committed Aug 25, 2023
1 parent 9e0ea58 commit 1a2237b
Showing 1 changed file with 5 additions and 0 deletions.
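--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -259,6 +259,11 @@ def verify_rule(firewall, rule_conf, ipv6):
 if 'queue_threshold' in rule_conf['log_options'] and 'group' not in rule_conf['log_options']:
 raise ConfigError('log-options queue-threshold defined, but log group is not define')
 
+for direction in ['inbound_interface','outbound_interface']:
+if direction in rule_conf:
+if 'interface_name' in rule_conf[direction] and 'interface_group' in rule_conf[direction]:
+raise ConfigError(f'Cannot specify both interface-group and interface-name for {direction}')
+
 def verify_nested_group(group_name, group, groups, seen):
 if 'include' not in group:
 return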
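Review bot: The error raised in the new `for direction` loop interpolates the internal dict key, so an operator reads `inbound_interface` with an underscore right next to the CLI-style `interface-group` and `interface-name`. Printing the node as it is typed on the CLI makes a rejected firewall rule easier to locate and fix, e.g. `raise ConfigError(f'Cannot specify both interface-group and interface-name for {direction.replace("_", "-")}')`. A one-line comment above the loop such as `# an interface matcher must be unambiguous: either a single name or a group, never both` would also record why the combination is refused. The body of `verify_rule` starts outside the hunk and the page has lost its indentation, so the loop's nesting level is inferred from the hunk header.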
