summaryrefslogtreecommitdiff
path: root/python/vyos/nat.py
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2022-09-21 02:05:30 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2022-09-21 20:53:49 +0200
commitc6bbe051574acf5ca1501e631d73ac06bdb17b30 (patch)
tree3a10a0d4d58a2edb8b50e65d45f61b7574dd82af /python/vyos/nat.py
parente6ba98a85ca72abc7e7e2001d208bcd1806c2c13 (diff)
downloadvyos-1x-c6bbe051574acf5ca1501e631d73ac06bdb17b30.tar.gz
vyos-1x-c6bbe051574acf5ca1501e631d73ac06bdb17b30.zip
nat: T4605: Refactor static NAT to use python module for parsing rules
* Rename table to vyos_nat * Add static NAT smoketest
Diffstat (limited to 'python/vyos/nat.py')
-rw-r--r--python/vyos/nat.py62
1 files changed, 62 insertions, 0 deletions
diff --git a/python/vyos/nat.py b/python/vyos/nat.py
index 44dd65372..31bbdc386 100644
--- a/python/vyos/nat.py
+++ b/python/vyos/nat.py
@@ -124,3 +124,65 @@ def parse_nat_rule(rule_conf, rule_id, nat_type, ipv6=False):
output.append(f'comment "{log_prefix}"')
return " ".join(output)
+
+def parse_nat_static_rule(rule_conf, rule_id, nat_type):
+ output = []
+ log_prefix = ('STATIC-DST' if nat_type == 'destination' else 'STATIC-SRC') + f'-NAT-{rule_id}'
+ log_suffix = ''
+
+ ignore_type_addr = False
+ translation_str = ''
+
+ if 'inbound_interface' in rule_conf:
+ ifname = rule_conf['inbound_interface']
+ ifprefix = 'i' if nat_type == 'destination' else 'o'
+ if ifname != 'any':
+ output.append(f'{ifprefix}ifname "{ifname}"')
+
+ if 'exclude' in rule_conf:
+ translation_str = 'return'
+ log_suffix = '-EXCL'
+ elif 'translation' in rule_conf:
+ translation_prefix = nat_type[:1]
+ translation_output = [f'{translation_prefix}nat']
+ addr = dict_search_args(rule_conf, 'translation', 'address')
+ map_addr = dict_search_args(rule_conf, 'destination', 'address')
+
+ if nat_type == 'source':
+ addr, map_addr = map_addr, addr # Swap
+
+ if addr and is_ip_network(addr):
+ translation_output.append(f'ip prefix to ip {translation_prefix}addr map {{ {map_addr} : {addr} }}')
+ ignore_type_addr = True
+ elif addr:
+ translation_output.append(f'to {addr}')
+
+ options = []
+ addr_mapping = dict_search_args(rule_conf, 'translation', 'options', 'address_mapping')
+ port_mapping = dict_search_args(rule_conf, 'translation', 'options', 'port_mapping')
+ if addr_mapping == 'persistent':
+ options.append('persistent')
+ if port_mapping and port_mapping != 'none':
+ options.append(port_mapping)
+
+ if options:
+ translation_output.append(",".join(options))
+
+ translation_str = " ".join(translation_output)
+
+ prefix = nat_type[:1]
+ addr = dict_search_args(rule_conf, 'translation' if nat_type == 'source' else nat_type, 'address')
+ if addr and not ignore_type_addr:
+ output.append(f'ip {prefix}addr {addr}')
+
+ output.append('counter')
+
+ if translation_str:
+ output.append(translation_str)
+
+ if 'log' in rule_conf:
+ output.append(f'log prefix "[{log_prefix}{log_suffix}]"')
+
+ output.append(f'comment "{log_prefix}"')
+
+ return " ".join(output)