1 files changed, 23 insertions, 1 deletions

diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py
index 7ca82f86f..b5702d691 100755
--- a/smoketest/scripts/cli/test_nat.py
+++ b/smoketest/scripts/cli/test_nat.py
@@ -138,7 +138,6 @@ class TestNAT(unittest.TestCase):
             else:
                 self.assertEqual(iface, inbound_iface_200)
 
-
     def test_snat_required_translation_address(self):
         # T2813: Ensure translation address is specified
         rule = '5'
@@ -156,5 +155,28 @@ class TestNAT(unittest.TestCase):
         self.session.set(src_path + ['rule', rule, 'translation', 'address', 'masquerade'])
         self.session.commit()
 
+    def test_dnat_negated_addresses(self):
+        # T3186: negated addresses are not accepted by nftables
+        rule = '1000'
+        self.session.set(dst_path + ['rule', rule, 'destination', 'address', '!192.0.2.1'])
+        self.session.set(dst_path + ['rule', rule, 'destination', 'port', '53'])
+        self.session.set(dst_path + ['rule', rule, 'inbound-interface', 'eth0'])
+        self.session.set(dst_path + ['rule', rule, 'protocol', 'tcp_udp'])
+        self.session.set(dst_path + ['rule', rule, 'source', 'address', '!192.0.2.1'])
+        self.session.set(dst_path + ['rule', rule, 'translation', 'address', '192.0.2.1'])
+        self.session.set(dst_path + ['rule', rule, 'translation', 'port', '53'])
+        self.session.commit()
+
+    def test_nat_no_rules(self):
+        # T3206: deleting all rules but keep the direction 'destination' or
+        # 'source' resulteds in KeyError: 'rule'.
+        #
+        # Test that both 'nat destination' and 'nat source' nodes can exist
+        # without any rule
+        self.session.set(src_path)
+        self.session.set(dst_path)
+        self.session.commit()
+
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)