From 65acae4868363117697ccefff10d0ef12fae9da4 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 5 Oct 2020 18:42:07 +0200 Subject: nat: T2951: use proper comments for source/destination logging For both source and destination NAT always the LOG name contained DST - which is definately false. This has been corrected to use SRC and DST on the appropriate rules. --- data/templates/firewall/nftables-nat.tmpl | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'data') diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl index 0c29f536b..286c21859 100644 --- a/data/templates/firewall/nftables-nat.tmpl +++ b/data/templates/firewall/nftables-nat.tmpl @@ -28,6 +28,9 @@ add rule ip raw NAT_CONNTRACK counter accept {% endif %} {% macro nat_rule(rule, chain) %} +{% set comment = "" %} +{% set base_log = "" %} + {% set src_addr = "ip saddr " + rule.source_address if rule.source_address %} {% set dst_addr = "ip daddr " + rule.dest_address if rule.dest_address %} @@ -45,13 +48,15 @@ add rule ip raw NAT_CONNTRACK counter accept {% set dst_port = "dport { " + rule.dest_port +" }" if rule.dest_port %} {% endif %} -{% set comment = "DST-NAT-" + rule.number %} - {% if chain == "PREROUTING" %} +{% set comment = "DST-NAT-" + rule.number %} +{% set base_log = "[NAT-DST-" + rule.number %} {% set interface = " iifname \"" + rule.interface_in + "\"" if rule.interface_in is defined and rule.interface_in != 'any' else '' %} {% set trns_addr = "dnat to " + rule.translation_address %} {% elif chain == "POSTROUTING" %} +{% set comment = "SRC-NAT-" + rule.number %} +{% set base_log = "[NAT-SRC-" + rule.number %} {% set interface = " oifname \"" + rule.interface_out + "\"" if rule.interface_out is defined and rule.interface_out != 'any' else '' %} {% if rule.translation_address == 'masquerade' %} {% set trns_addr = rule.translation_address %} @@ -72,7 +77,6 @@ add rule ip raw NAT_CONNTRACK counter accept {% endif %} {% if rule.log %} -{% set base_log = "[NAT-DST-" + rule.number %} {% if rule.exclude %} {% set log = base_log + "-EXCL]" %} {% elif rule.translation_address == 'masquerade' %} -- cgit v1.2.3