firewall: T3900: fix migration and smoketests

Commit 770edf0 ("T3900: T6394: extend functionalities in firewall") changed the position in the CLI for conntrack timeout. This lead to failing smoketests because of a regression in the migrator.
vyos · Jun 11, 2024 · 2cbc4eb · 2cbc4eb
1 parent 50a5a29
commit 2cbc4eb
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 6 deletions.
diff --git a/smoketest/config-tests/dialup-router-wireguard-ipv6 b/smoketest/config-tests/dialup-router-wireguard-ipv6
@@ -192,10 +192,6 @@ set service snmp location 'CLOUD'
 set system conntrack expect-table-size '2048'
 set system conntrack hash-size '32768'
 set system conntrack table-size '262144'
-set system conntrack timeout icmp '30'
-set system conntrack timeout other '600'
-set system conntrack timeout udp other '300'
-set system conntrack timeout udp stream '300'
 set system domain-name 'vyos.net'
 set system host-name 'r1'
 set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
@@ -216,6 +212,10 @@ set firewall global-options receive-redirects 'disable'
 set firewall global-options send-redirects 'enable'
 set firewall global-options source-validation 'disable'
 set firewall global-options syn-cookies 'enable'
+set firewall global-options timeout icmp '30'
+set firewall global-options timeout other '600'
+set firewall global-options timeout udp other '300'
+set firewall global-options timeout udp stream '300'
 set firewall global-options twa-hazards-protection 'disable'
 set firewall group address-group DMZ-RDP-SERVER address '172.16.33.40'
 set firewall group address-group DMZ-RDP-SERVER description 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata'

diff --git a/src/migration-scripts/firewall/15-to-16 b/src/migration-scripts/firewall/15-to-16
@@ -42,8 +42,9 @@ if not config.exists(conntrack_base):
 
 for protocol in ['icmp', 'tcp', 'udp', 'other']:
     if config.exists(conntrack_base + [protocol]):
-        if not config.exists(firewall_base):
+        if not config.exists(firewall_base + ['timeout']):
             config.set(firewall_base + ['timeout'])
+
         config.copy(conntrack_base + [protocol], firewall_base + ['timeout', protocol])
         config.delete(conntrack_base + [protocol])
 
@@ -52,4 +53,4 @@ try:
         f.write(config.to_string())
 except OSError as e:
     print("Failed to save the modified config: {}".format(e))
-    exit(1)
+    exit(1)