firewall: fix object removal from rule

NethServer · Jun 28, 2024 · a7bbf77 · a7bbf77
1 parent 383f61a
commit a7bbf77
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/src/nethsec/firewall/__init__.py b/src/nethsec/firewall/__init__.py
@@ -1519,8 +1519,18 @@ def setup_rule(uci, id: str, name: str, src: str, src_ip: list[str], dest: str,
     uci.set('firewall', id, 'ns_tag', tag)
     if ns_src:
         uci.set('firewall', id, 'ns_src', ns_src)
+    else:
+        try:
+            uci.delete('firewall', id, 'ns_src')
+        except:
+            pass
     if ns_dst:
         uci.set('firewall', id, 'ns_dst', ns_dst)
+    else:
+        try:
+            uci.delete('firewall', id, 'ns_dst')
+        except:
+            pass
     uci.save('firewall')
 
 def split_firewall_config(uci):
@@ -1963,6 +1973,7 @@ def update_firewall_rules(uci):
         keep_ipset = False
         ns_src = uci.get('firewall', section, 'ns_src', default=None)
         ns_dst = uci.get('firewall', section, 'ns_dst', default=None)
+        name = uci.get('firewall', section, 'name', default=None)
         if ns_src:
             if objects.is_domain_set(uci, ns_src):
                 keep_ipset = True

diff --git a/tests/test_firewall.py b/tests/test_firewall.py
@@ -1111,3 +1111,15 @@ def test_update_firewall_rules(u):
 def test_list_object_suggestions(u):
     obj = objects.list_objects(u)
     assert len(obj) == 9
+
+def test_edit_rule_remove_object(u):
+    host1 = objects.add_host_set(u, "h1", "ipv4", ["1.2.3.4"])
+    # def add_rule(uci, name, src, src_ip, dest, dest_ip, proto, dest_port, target, service, enabled=True, log=False, tag=[], add_to_top=False, ns_src=None, ns_dst=None):
+    idf1 = firewall.add_rule(u, "forward1", "*", [], "wan", [], [], [], "REJECT", "*", True, False, [], False, f"objects/{host1}", "")
+    # remove object from rule
+    firewall.edit_rule(u, idf1, "forward1", "*", [], "wan", [], [], [], "REJECT", "*", True, False, [])
+    with pytest.raises(UciExceptionNotFound):
+        u.get("firewall", idf1, "src_ip")
+    assert u.get('firewall', idf1, 'ns_src', default='NONE') == 'NONE'
+    firewall.delete_rule(u, idf1)
+    objects.delete_host_set(u, host1)