diff options
| author | Nicolás Fort <95703796+nicolas-fort@users.noreply.github.com> | 2023-07-31 15:22:51 -0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-07-31 15:22:51 -0300 |
| commit | 657a566df58478c2f5d4bccad952bfcb7991e847 (patch) | |
| tree | 1cf6ab7548286f358d05389132cd82bc177c676a /python/vyos/nat.py | |
| parent | 7ae9d8953ddc9ba38d62400187ce1ec44abb5a6e (diff) | |
| parent | df33f450b4e8b7e0286e36540de81edfb5f52e73 (diff) | |
| download | vyos-1x-657a566df58478c2f5d4bccad952bfcb7991e847.tar.gz vyos-1x-657a566df58478c2f5d4bccad952bfcb7991e847.zip | |
Merge branch 'current' into T5014-dnat
Diffstat (limited to 'python/vyos/nat.py')
| -rw-r--r-- | python/vyos/nat.py | 42 |
1 files changed, 23 insertions, 19 deletions
diff --git a/python/vyos/nat.py b/python/vyos/nat.py index a56ca1ff3..418efe649 100644 --- a/python/vyos/nat.py +++ b/python/vyos/nat.py @@ -54,28 +54,32 @@ def parse_nat_rule(rule_conf, rule_id, nat_type, ipv6=False): translation_str = 'return' log_suffix = '-EXCL' elif 'translation' in rule_conf: - translation_prefix = nat_type[:1] - translation_output = [f'{translation_prefix}nat'] addr = dict_search_args(rule_conf, 'translation', 'address') port = dict_search_args(rule_conf, 'translation', 'port') - - if addr and is_ip_network(addr): - if not ipv6: - map_addr = dict_search_args(rule_conf, nat_type, 'address') - translation_output.append(f'{ip_prefix} prefix to {ip_prefix} {translation_prefix}addr map {{ {map_addr} : {addr} }}') - ignore_type_addr = True - else: - translation_output.append(f'prefix to {addr}') - elif addr == 'masquerade': - if port: - addr = f'{addr} to ' - translation_output = [addr] - log_suffix = '-MASQ' + redirect_port = dict_search_args(rule_conf, 'translation', 'redirect', 'port') + if redirect_port: + translation_output = [f'redirect to {redirect_port}'] else: - translation_output.append('to') - if addr: - addr = bracketize_ipv6(addr) - translation_output.append(addr) + translation_prefix = nat_type[:1] + translation_output = [f'{translation_prefix}nat'] + + if addr and is_ip_network(addr): + if not ipv6: + map_addr = dict_search_args(rule_conf, nat_type, 'address') + translation_output.append(f'{ip_prefix} prefix to {ip_prefix} {translation_prefix}addr map {{ {map_addr} : {addr} }}') + ignore_type_addr = True + else: + translation_output.append(f'prefix to {addr}') + elif addr == 'masquerade': + if port: + addr = f'{addr} to ' + translation_output = [addr] + log_suffix = '-MASQ' + else: + translation_output.append('to') + if addr: + addr = bracketize_ipv6(addr) + translation_output.append(addr) options = [] addr_mapping = dict_search_args(rule_conf, 'translation', 'options', 'address_mapping') |