author | Christian Breunig <christian@breunig.cc> | 2024-05-30 08:31:07 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-30 08:31:07 +0200 |
commit | 516167fd43aaba68be86a969aa0dd60f73abb121 (patch) | |
tree | 5dde08e4a72cd9a6906a09fc9a0ac837f1b43331 | |
parent | 0bada0f998c551f1b53686de3e93a6de8fd84d37 (diff) | |
parent | 33c987bf43ad27d7b0a7fd68dbcefa96b1e7b102 (diff) | |
Merge pull request #3545 from vyos/mergify/bp/sagitta/pr-3532
NAT: T6371: fix NAT op mode when list of ports/ranges configured (backport #3532)
-rwxr-xr-x | src/op_mode/nat.py | 33 |
1 files changed, 19 insertions, 14 deletions
diff --git a/src/op_mode/nat.py b/src/op_mode/nat.py
index 4ab524fb7..16a545cda 100755
--- a/src/op_mode/nat.py
+++ b/src/op_mode/nat.py
@@ -99,6 +99,23 @@ def _get_raw_translation(direction, family, address=None):
 def _get_formatted_output_rules(data, direction, family):
+ def _get_ports_for_output(my_dict):
+ # Get and insert all configured ports or port ranges into output string
+ for index, port in enumerate(my_dict['set']):
+ if 'range' in str(my_dict['set'][index]):
+ output = my_dict['set'][index]['range']
+ output = '-'.join(map(str, output))
+ else:
+ output = str(port)
+ if index == 0:
+ output = str(output)
+ else:
+ output = ','.join([output,output])
+ # Handle case where configured ports are a negated list
+ if my_dict['op'] == '!=':
+ output = '!' + output
+ return(output)
+
 # Add default values before loop
 sport, dport, proto = 'any', 'any', 'any'
 saddr = '::/0' if family == 'inet6' else '0.0.0.0/0'
@@ -126,21 +143,9 @@ def _get_formatted_output_rules(data, direction, family):
 elif my_dict['field'] == 'daddr':
 daddr = f'{op}{my_dict["prefix"]["addr"]}/{my_dict["prefix"]["len"]}'
 elif my_dict['field'] == 'sport':
- # Port range or single port
- if jmespath.search('set[*].range', my_dict):
- sport = my_dict['set'][0]['range']
- sport = '-'.join(map(str, sport))
- else:
- sport = my_dict.get('set')
- sport = ','.join(map(str, sport))
+ sport = _get_ports_for_output(my_dict)
 elif my_dict['field'] == 'dport':
- # Port range or single port
- if jmespath.search('set[*].range', my_dict):
- dport = my_dict["set"][0]["range"]
- dport = '-'.join(map(str, dport))
- else:
- dport = my_dict.get('set')
- dport = ','.join(map(str, dport))
+ dport = _get_ports_for_output(my_dict)
 else:
 field = jmespath.search('left.payload.field', match)
 if field == 'saddr': |
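Review bot: In `_get_ports_for_output`, `output` is reassigned from the current element at the top of every iteration, so `','.join([output,output])` joins the current port with itself and drops the earlier ones; a set holding 80 and 443 would be printed as `443,443`. This string is what an operator reads when auditing NAT rules, so a wrong port list is worth fixing by collecting the rendered items in a list and joining once after the loop. `'range' in str(my_dict['set'][index])` is a substring test on the stringified element, and `my_dict['set'][index]` is simply `port`; testing membership on the element itself is tighter, assuming a range element is a mapping, as the `['range']` lookup suggests. Indentation is lost on this page, so it is not visible whether the `!=` prefix runs inside the loop; it should run once after it. An empty `set` would currently leave `output` unbound at `return`.

```python
def _get_ports_for_output(my_dict):
    # Render every configured port or port range, comma separated
    ports = []
    for port in my_dict['set']:
        if isinstance(port, dict) and 'range' in port:
            ports.append('-'.join(map(str, port['range'])))
        else:
            ports.append(str(port))
    output = ','.join(ports)
    # Negated list: add the prefix once, after all items are joined
    if my_dict['op'] == '!=':
        output = '!' + output
    return output
```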