From 5303f7a0ce341e0eb975d107fa4b624c481fedd4 Mon Sep 17 00:00:00 2001 From: Tommaso Bailetti Date: Tue, 12 Nov 2024 14:13:47 +0100 Subject: [PATCH] fix(firewall): fixing duplicate creation of ipsets --- src/nethsec/firewall/__init__.py | 4 ++-- tests/test_firewall.py | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/nethsec/firewall/__init__.py b/src/nethsec/firewall/__init__.py index 28525bfb..bbce94a8 100644 --- a/src/nethsec/firewall/__init__.py +++ b/src/nethsec/firewall/__init__.py @@ -1953,9 +1953,9 @@ def update_redirect_rules(uci): pass else: # create a full ipset configuration for the redirect rule - uci.set('firewall', section, 'ipset', f"{id}_ipset") + uci.set('firewall', section, 'ipset', f"{section}_ipset") uci.set('firewall', f"{section}_ipset", "ipset") - uci.set('firewall', f"{section}_ipset", "name", f"{id}_ipset") + uci.set('firewall', f"{section}_ipset", "name", f"{section}_ipset") uci.set('firewall', f"{section}_ipset", "match", "src_net") uci.set('firewall', f"{section}_ipset", "enabled", "1") uci.set('firewall', f"{section}_ipset", 'ns_link', f"firewall/{section}") diff --git a/tests/test_firewall.py b/tests/test_firewall.py index 36958137..3e39b8ab 100644 --- a/tests/test_firewall.py +++ b/tests/test_firewall.py @@ -1082,8 +1082,9 @@ def test_update_redirect_rules(u): u.set('firewall', 'redirect4', 'ns_dst', f"users/ns_user1") firewall.update_redirect_rules(u) assert u.get("firewall", "redirect4", "dest_ip") == "10.10.10.22" - assert u.get("firewall", "redirect4", "ipset") == f"{host1}_ipset" + assert u.get("firewall", "redirect4", "ipset") == f"redirect4_ipset" assert u.get("firewall", "redirect4_ipset") + assert u.get('firewall', 'redirect4_ipset', 'ns_link') == f'firewall/redirect4' def test_update_firewall_rules(u): domain1 = objects.add_domain_set(u, "d1", "ipv4", ["test1.com", "test2.com"])