diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-03-12 20:26:25 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-12 20:26:25 +0100 |
commit | ca08d8dc51ef93bfd5429c331ea919fe77ac8b39 (patch) | |
tree | 6015df7f0bf180297b658cb32481ecce46626f71 /data/templates/firewall | |
parent | 8262556dd809babdbc75369dae654eca7f021964 (diff) | |
parent | c47a084ff4c43559f586f78b32a84fa062770f8e (diff) | |
download | vyos-1x-ca08d8dc51ef93bfd5429c331ea919fe77ac8b39.tar.gz vyos-1x-ca08d8dc51ef93bfd5429c331ea919fe77ac8b39.zip |
Merge pull request #769 from jack9603301/T2518
nat66: T2518: Align the log and comment of nat66 template with nat
Diffstat (limited to 'data/templates/firewall')
-rw-r--r-- | data/templates/firewall/nftables-nat66.tmpl | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/data/templates/firewall/nftables-nat66.tmpl b/data/templates/firewall/nftables-nat66.tmpl index cdaeaad6a..e5c1b1b8d 100644 --- a/data/templates/firewall/nftables-nat66.tmpl +++ b/data/templates/firewall/nftables-nat66.tmpl @@ -1,9 +1,13 @@ #!/usr/sbin/nft -f {% macro nptv6_rule(rule,config, chain) %} -{% set src_prefix = "ip6 saddr " + config.source.prefix if config.source is defined and config.source.prefix is defined and config.source.prefix is not none %} -{% set dest_address = "ip6 daddr " + config.destination.address if config.destination is defined and config.destination.address is defined and config.destination.address is not none %} +{% set comment = '' %} +{% set base_log = '' %} +{% set src_prefix = "ip6 saddr " + config.source.prefix if config.source is defined and config.source.prefix is defined and config.source.prefix is not none %} +{% set dest_address = "ip6 daddr " + config.destination.address if config.destination is defined and config.destination.address is defined and config.destination.address is not none %} {% if chain == "PREROUTING" %} +{% set comment = "DST-NAT66-" + rule %} +{% set base_log = '[NAT66-DST-' + rule %} {% set interface = " iifname \"" + config.inbound_interface + "\"" if config.inbound_interface is defined and config.inbound_interface != 'any' else '' %} {% if config.translation.address | is_ip_network %} {# support 1:1 network translation #} @@ -13,6 +17,8 @@ {% endif %} {% set trns_address = dnat_type + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %} {% elif chain == "POSTROUTING" %} +{% set comment = 'SRC-NAT66-' + rule %} +{% set base_log = '[NAT66-SRC-' + rule %} {% if config.translation is defined and config.translation.address is defined and config.translation.address is not none %} {% if config.translation.address == 'masquerade' %} {% set trns_address = config.translation.address %} @@ -28,10 +34,12 @@ {% endif %} {% set interface = " oifname \"" + config.outbound_interface + "\"" if config.outbound_interface is defined else '' %} {% endif %} -{% set comment = "NPT-NAT-" + rule %} -{% if rule.log %} -{% set base_log = "[NPT-DST-" + rule %} -{% set log = base_log + "]" %} +{% if config.log is defined %} +{% if config.translation is defined and config.translation.address is defined and config.translation.address == 'masquerade' %} +{% set log = base_log +'-MASQ]' %} +{% else %} +{% set log = base_log + "]" %} +{% endif %} {% endif %} {% set output = "add rule ip6 nat " + chain + interface %} {# Count packets #} |