firewall: T7452: update rule generation for Zone-based firewall

David Vølker · David Vølker · commit 6c9364275761 · 2025-05-15T09:59:47.000+02:00
diff --git a/data/templates/firewall/nftables-zone.j2 b/data/templates/firewall/nftables-zone.j2
@@ -12,9 +12,7 @@
         oifname { {{ zone_conf.member.interface | join(',') }} } counter jump VZONE_{{ zone_name }}
 {%         endif %}
 {%         if 'vrf' in zone_conf.member %}
-{%             for vrf_name in zone_conf.member.vrf %}
-        oifname { {{ zone_conf['vrf_interfaces'][vrf_name] }} } counter jump VZONE_{{ zone_name }}
-{%             endfor %}
+        oifname { {{ zone_conf.member.vrf | join(",") }} } counter jump VZONE_{{ zone_name }}
 {%         endif %}
 {%     endif %}
 {% endfor %}
@@ -69,10 +67,8 @@
         oifname { {{ zone[from_zone].member.interface | join(",") }} } counter return
 {%                 endif %}
 {%                 if 'vrf' in zone[from_zone].member %}
-{%                     for vrf_name in zone[from_zone].member.vrf %}
-        oifname { {{ zone[from_zone]['vrf_interfaces'][vrf_name] }} } counter jump NAME{{ suffix }}_{{ from_conf.firewall[fw_name] }}
-        oifname { {{ zone[from_zone]['vrf_interfaces'][vrf_name] }} } counter return
-{%                     endfor %}
+        oifname { {{ zone[from_zone].member.vrf | join(",") }} } counter jump NAME{{ suffix }}_{{ from_conf.firewall[fw_name] }}
+        oifname { {{ zone[from_zone].member.vrf | join(",") }} } counter return
 {%                 endif %}
 {%             endfor %}
 {%         endif %}
@@ -112,4 +108,4 @@
     }
 {%     endif %}
 {% endfor %}
-{% endmacro %}
+{% endmacro %}
