summaryrefslogtreecommitdiff
path: root/python/vyos/firewall.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-05-09 07:22:41 +0200
committerGitHub <noreply@github.com>2022-05-09 07:22:41 +0200
commit432fd1b5e7b5a1e5b8503bf0dcd106369e323dc7 (patch)
treee8d30a3eb65895b955c81e284560c24309a5c65e /python/vyos/firewall.py
parent2e28d3f68c10dadc87bbff9ff2cc6410798384ae (diff)
parent15e55af88e6104608487c1138641fcff54594d89 (diff)
downloadvyos-1x-432fd1b5e7b5a1e5b8503bf0dcd106369e323dc7.tar.gz
vyos-1x-432fd1b5e7b5a1e5b8503bf0dcd106369e323dc7.zip
Merge pull request #1279 from nicolas-fort/T990
Firewall: T990: Add snat and dnat connection status on firewall
Diffstat (limited to 'python/vyos/firewall.py')
-rw-r--r--python/vyos/firewall.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index ff8623592..04fd44173 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -49,6 +49,15 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
if states:
output.append(f'ct state {{{states}}}')
+ if 'connection_status' in rule_conf and rule_conf['connection_status']:
+ status = rule_conf['connection_status']
+ if status['nat'] == 'destination':
+ nat_status = '{dnat}'
+ output.append(f'ct status {nat_status}')
+ if status['nat'] == 'source':
+ nat_status = '{snat}'
+ output.append(f'ct status {nat_status}')
+
if 'protocol' in rule_conf and rule_conf['protocol'] != 'all':
proto = rule_conf['protocol']
operator = ''