T6841: firewall: migrate existing VRF in zone based firewall
VRF support was introduced in VyOS 1.4.0. If a VRF is added as an interface in
the zone based firewall, it will be migrated to the new syntax.

OLD:
  set firewall zone FOO interface RED
  set firewall zone FOO interface eth0

NEW:
  set firewall zone FOO member vrf RED
  set firewall zone FOO member interface eth0
c-po committed Jan 6, 2025
1 parent 3b04cc2 commit dda428f
Showing 1 changed file with 14 additions and 10 deletions.
24 changes: 14 additions & 10 deletions src/migration-scripts/firewall/17-to-18
@@ -1,4 +1,4 @@
# Copyright (C) 2024 VyOS maintainers and contributors
# Copyright (C) 2024-2025 VyOS maintainers and contributors
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -14,12 +14,11 @@
# along with this library. If not, see <http://www.gnu.org/licenses/>.

# From
# set firewall zone <zone> interface <iface>
# set firewall zone <zone> interface RED
# set firewall zone <zone> interface eth0
# To
# set firewall zone <zone> member interface <iface>
# or
# set firewall zone <zone> member vrf <vrf>

# set firewall zone <zone> member vrf RED
# set firewall zone <zone> member interface eth0

from vyos.configtree import ConfigTree
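Review bot: In the From/To header comment, `RED` and `eth0` replace the `<iface>` and `<vrf>` placeholders, but nothing in the comment says that RED is a VRF name, so it no longer explains why one entry becomes `member vrf` and the other `member interface`. Suggest adding one line stating that RED is a VRF and eth0 an ordinary interface, as the commit message does.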

@@ -31,7 +30,12 @@ def migrate(config: ConfigTree) -> None:
return

for zone in config.list_nodes(base):
if config.exists(base + [zone, 'interface']):
for iface in config.return_values(base + [zone, 'interface']):
config.set(base + [zone, 'member', 'interface'], value=iface, replace=False)
config.delete(base + [zone, 'interface'])
zone_iface_base = base + [zone, 'interface']
zone_member_base = base + [zone, 'member']
if config.exists(zone_iface_base):
for iface in config.return_values(zone_iface_base):
if config.exists(['vrf', 'name', iface]):
config.set(zone_member_base + ['vrf'], value=iface, replace=False)
else:
config.set(zone_member_base + ['interface'], value=iface, replace=False)
config.delete(zone_iface_base)
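Review bot: In the loop over `config.return_values(zone_iface_base)`, the `else` branch is taken for every value without a matching `['vrf', 'name', iface]` node, so a zone entry that was meant as a VRF but whose VRF is not defined in this config is migrated silently to `member interface`. Because this classification decides what the zone covers after the upgrade, a short comment stating that the VRF test relies on the name being defined under `vrf name`, and that anything else is treated as an interface, would help. A test config with a VRF and a plain interface in the same zone would exercise both branches.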
