diff options
| -rw-r--r-- | containers/firewall/Dockerfile.j2 | 1 | ||||
| -rw-r--r-- | containers/firewall/entrypoint.sh | 1 | ||||
| -rw-r--r-- | containers/firewall/templates/asymmetric_addr_layer.conf.j2 (renamed from containers/firewall/files/asymmetric_addr_layer.conf) | 2 | ||||
| -rw-r--r-- | containers/firewall/templates/main.conf.j2 | 4 |
4 files changed, 7 insertions, 1 deletions
diff --git a/containers/firewall/Dockerfile.j2 b/containers/firewall/Dockerfile.j2 index ad6a1159..4dbff1f6 100644 --- a/containers/firewall/Dockerfile.j2 +++ b/containers/firewall/Dockerfile.j2 @@ -8,7 +8,6 @@ RUN {{ macros.install_packages(packages) }} && \ rm -rf /opt/tsg/sapp/r3 # files COPY files/quic/main.conf /opt/tsg/sapp/conf/quic/main.conf -COPY files/asymmetric_addr_layer.conf /opt/tsg/sapp/etc/ COPY files/entrylist.conf /opt/tsg/sapp/etc/ COPY files/firewall_l7_protocol.conf /opt/tsg/sapp/tsgconf/ COPY files/http.conf /opt/tsg/sapp/conf/http/ diff --git a/containers/firewall/entrypoint.sh b/containers/firewall/entrypoint.sh index 6d318b12..602d6a7b 100644 --- a/containers/firewall/entrypoint.sh +++ b/containers/firewall/entrypoint.sh @@ -56,6 +56,7 @@ parse_args "$@" mkdir -p /opt/tsg/etc/ +render_template asymmetric_addr_layer.conf.j2 /opt/tsg/sapp/etc/asymmetric_addr_layer.conf render_template conflist.inf.j2 /opt/tsg/sapp/plug/conflist.inf render_template firewall_logger_transmitter_schema.json.j2 /opt/tsg/sapp/tsgconf/firewall_logger_transmitter_schema.json render_template firewall.inf.j2 /opt/tsg/sapp/plug/business/firewall/firewall.inf diff --git a/containers/firewall/files/asymmetric_addr_layer.conf b/containers/firewall/templates/asymmetric_addr_layer.conf.j2 index f4dcd827..e3ff6758 100644 --- a/containers/firewall/files/asymmetric_addr_layer.conf +++ b/containers/firewall/templates/asymmetric_addr_layer.conf.j2 @@ -1,9 +1,11 @@ #layer name definition: ipv4, ipv6, ethernet,vlan, arp, gre, mpls, pppoe, tcp, udp, l2tp, ppp, pptp, gtp #pattern: asymmetric_layer_name[layer index] #The symbol "*" represents any layer +{% if firewall.inject_packet_by_mgnt_route != True -%} ethernet[*] vlan[*] vxlan[*] mpls[*] gre[*] gtp[*] +{%- endif %}
\ No newline at end of file diff --git a/containers/firewall/templates/main.conf.j2 b/containers/firewall/templates/main.conf.j2 index 9453650e..423f916b 100644 --- a/containers/firewall/templates/main.conf.j2 +++ b/containers/firewall/templates/main.conf.j2 @@ -54,7 +54,11 @@ APPSKETCH_SWITCH=0 [FIREWALL] # hijack, replace +{%- if firewall.inject_packet_by_mgnt_route == True %} +PACKET_RESPONSE_MODE=hijack +{%- else %} PACKET_RESPONSE_MODE=replace +{%- endif %} HTTP_PAGE200=./tsgconf/HTTP200.html HTTP_PAGE204=./tsgconf/HTTP204.html HTTP_PAGE403=./tsgconf/HTTP403.html |