diff options
author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-09-21 02:05:30 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-09-21 20:53:49 +0200 |
commit | c6bbe051574acf5ca1501e631d73ac06bdb17b30 (patch) | |
tree | 3a10a0d4d58a2edb8b50e65d45f61b7574dd82af /python/vyos/nat.py | |
parent | e6ba98a85ca72abc7e7e2001d208bcd1806c2c13 (diff) | |
download | vyos-1x-c6bbe051574acf5ca1501e631d73ac06bdb17b30.tar.gz vyos-1x-c6bbe051574acf5ca1501e631d73ac06bdb17b30.zip |
nat: T4605: Refactor static NAT to use python module for parsing rules
* Rename table to vyos_nat
* Add static NAT smoketest
Diffstat (limited to 'python/vyos/nat.py')
-rw-r--r-- | python/vyos/nat.py | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/python/vyos/nat.py b/python/vyos/nat.py index 44dd65372..31bbdc386 100644 --- a/python/vyos/nat.py +++ b/python/vyos/nat.py @@ -124,3 +124,65 @@ def parse_nat_rule(rule_conf, rule_id, nat_type, ipv6=False): output.append(f'comment "{log_prefix}"') return " ".join(output) + +def parse_nat_static_rule(rule_conf, rule_id, nat_type): + output = [] + log_prefix = ('STATIC-DST' if nat_type == 'destination' else 'STATIC-SRC') + f'-NAT-{rule_id}' + log_suffix = '' + + ignore_type_addr = False + translation_str = '' + + if 'inbound_interface' in rule_conf: + ifname = rule_conf['inbound_interface'] + ifprefix = 'i' if nat_type == 'destination' else 'o' + if ifname != 'any': + output.append(f'{ifprefix}ifname "{ifname}"') + + if 'exclude' in rule_conf: + translation_str = 'return' + log_suffix = '-EXCL' + elif 'translation' in rule_conf: + translation_prefix = nat_type[:1] + translation_output = [f'{translation_prefix}nat'] + addr = dict_search_args(rule_conf, 'translation', 'address') + map_addr = dict_search_args(rule_conf, 'destination', 'address') + + if nat_type == 'source': + addr, map_addr = map_addr, addr # Swap + + if addr and is_ip_network(addr): + translation_output.append(f'ip prefix to ip {translation_prefix}addr map {{ {map_addr} : {addr} }}') + ignore_type_addr = True + elif addr: + translation_output.append(f'to {addr}') + + options = [] + addr_mapping = dict_search_args(rule_conf, 'translation', 'options', 'address_mapping') + port_mapping = dict_search_args(rule_conf, 'translation', 'options', 'port_mapping') + if addr_mapping == 'persistent': + options.append('persistent') + if port_mapping and port_mapping != 'none': + options.append(port_mapping) + + if options: + translation_output.append(",".join(options)) + + translation_str = " ".join(translation_output) + + prefix = nat_type[:1] + addr = dict_search_args(rule_conf, 'translation' if nat_type == 'source' else nat_type, 'address') + if addr and not ignore_type_addr: + output.append(f'ip {prefix}addr {addr}') + + output.append('counter') + + if translation_str: + output.append(translation_str) + + if 'log' in rule_conf: + output.append(f'log prefix "[{log_prefix}{log_suffix}]"') + + output.append(f'comment "{log_prefix}"') + + return " ".join(output) |