From a5650abb6d575de2f696a934d52468992ac9f1e9 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Fri, 1 May 2020 16:46:06 +0200
Subject: nat: T2198: migrate to common template for source/destination NAT
---
 data/templates/nat/iptables-restore.tmpl | 38 ++++++++++++++++++++++++++++++++
 data/templates/nat/nat-destination.tmpl | 13 -----------
 data/templates/nat/nat-source.tmpl | 4 ----
 3 files changed, 38 insertions(+), 17 deletions(-)
 create mode 100644 data/templates/nat/iptables-restore.tmpl
 delete mode 100644 data/templates/nat/nat-destination.tmpl
 delete mode 100644 data/templates/nat/nat-source.tmpl
(limited to 'data')
diff --git a/data/templates/nat/iptables-restore.tmpl b/data/templates/nat/iptables-restore.tmpl
new file mode 100644
index 000000000..f20a05719
--- /dev/null
+++ b/data/templates/nat/iptables-restore.tmpl
@@ -0,0 +1,38 @@
+### Autogenerated by nat.py ###
+
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:VYATTA_PRE_DNAT_HOOK - [0:0]
+:VYATTA_PRE_SNAT_HOOK - [0:0]
+-A PREROUTING -j VYATTA_PRE_DNAT_HOOK
+{% for r in destination -%}
+{% if (',' in r.dest_port) or ('-' in r.dest_port) %}
+
+{% if r.protocol == 'tcp_udp' %}
+# protocol has been tcp_udp - create two distinct rules
+-A PREROUTING -i {{ r.interface_in }} -p tcp -m multiport --dports {{ r.dest_port | replace('-', ':') }} -m comment --comment "DST-NAT-{{ r.number }} tcp_udp" -j DNAT --to-destination {{ r.translation_address }}{{ ":" + r.translation_port if r.translation_port }}
+-A PREROUTING -i {{ r.interface_in }} -p udp -m multiport --dports {{ r.dest_port | replace('-', ':') }} -m comment --comment "DST-NAT-{{ r.number }} tcp_udp" -j DNAT --to-destination {{ r.translation_address }}{{ ":" + r.translation_port if r.translation_port }}
+{% else %}
+-A PREROUTING -i {{ r.interface_in }} -p {{ r.protocol }} -m multiport --dports {{ r.dest_port | replace('-', ':') }} -m comment --comment DST-NAT-{{ r.number }} -j DNAT --to-destination {{ r.translation_address }}{{ ":" + r.translation_port if r.translation_port }}
+{%- endif %}
+
+{% else %}
+
+{% if r.protocol == 'tcp_udp' %}
+# protocol has been tcp_udp - create two distinct rules
+-A PREROUTING -i {{ r.interface_in }} -p tcp -m {{ r.protocol }} --dports {{ r.dest_port }} -m comment --comment "DST-NAT-{{ r.number }} tcp_udp" -j DNAT --to-destination {{ r.translation_address }}{{ ":" + r.translation_port if r.translation_port }}
+-A PREROUTING -i {{ r.interface_in }} -p udp -m {{ r.protocol }} --dports {{ r.dest_port }} -m comment --comment "DST-NAT-{{ r.number }} tcp_udp" -j DNAT --to-destination {{ r.translation_address }}{{ ":" + r.translation_port if r.translation_port }}
+{% else %}
+-A PREROUTING -i {{ r.interface_in }} -p {{ r.protocol }} -m {{ r.protocol }} --dport {{ r.dest_port }} -m comment --comment DST-NAT-{{ r.number }} -j DNAT --to-destination {{ r.translation_address }}{{ ":" + r.translation_port if r.translation_port }}
+{% endif %}
+
+{%- endif %}
+
+{% endfor %}
+-A POSTROUTING -j VYATTA_PRE_SNAT_HOOK
+-A VYATTA_PRE_DNAT_HOOK -j RETURN
+-A VYATTA_PRE_SNAT_HOOK -j RETURN
+COMMIT
diff --git a/data/templates/nat/nat-destination.tmpl b/data/templates/nat/nat-destination.tmpl
deleted file mode 100644
index ccd585264..000000000
--- a/data/templates/nat/nat-destination.tmpl
+++ /dev/null
@@ -1,13 +0,0 @@
-### Autogenerated by nat.py ###
-
-*nat
--A PREROUTING -j VYATTA_PRE_DNAT_HOOK
-{% for r in destination -%}
-{% if (',' in r.dest_port) or ('-' in r.dest_port) %}
--A PREROUTING -i {{ r.interface_in }} -p {{ r.protocol }} -m multiport --dports {{ r.dest_port | replace('-', ':') }} -m comment --comment "DST-NAT-{{ r.number }} {{ r.protocol }}" -j DNAT --to-destination {{ r.translation_address }}{{ ":" + r.translation_port if r.translation_port }}
-{% else %}
--A PREROUTING -i {{ r.interface_in }} -p {{ r.protocol }} -m tcp --dport {{ r.dest_port }} -m comment --comment "DST-NAT-{{ r.number }} {{ r.protocol }}" -j DNAT --to-destination {{ r.translation_address }}{{ ":" + r.translation_port if r.translation_port }}
-{% endif %}
-{% endfor %}
--A VYATTA_PRE_DNAT_HOOK -j RETURN
-COMMIT
diff --git a/data/templates/nat/nat-source.tmpl b/data/templates/nat/nat-source.tmpl
deleted file mode 100644
index 41179ae9c..000000000
--- a/data/templates/nat/nat-source.tmpl
+++ /dev/null
@@ -1,4 +0,0 @@
-### Autogenerated by nat.py ###
-{% for r in source -%}
-# {{ r.description }}
-{% endfor %}
-- cgit v1.2.3
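Review bot: In the single-port tcp_udp branch (the second `{% if r.protocol == 'tcp_udp' %}` block, under the outer `{% else %}`), `-p tcp -m {{ r.protocol }} --dports {{ r.dest_port }}` renders as `-m tcp_udp --dports …`, but `tcp_udp` is not an iptables match module and `--dports` belongs to `-m multiport`, so iptables-restore rejects the rule. Because the table is applied as a unit, that one bad line fails the whole `*nat` table and leaves every DNAT rule unloaded, not just the affected one. The two lines should read `-p tcp -m tcp --dport {{ r.dest_port }}` and `-p udp -m udp --dport {{ r.dest_port }}`. The generic single-port line below them, `-p {{ r.protocol }} -m {{ r.protocol }} --dport`, has the same exposure if the CLI admits a protocol value that has no port option; confirm which values `r.protocol` can take. The commit also deletes nat-source.tmpl while the new template only adds the `-A POSTROUTING -j VYATTA_PRE_SNAT_HOOK` jump and renders no `source` rules; if SNAT rendering is meant for a follow-up, a `# TODO: render source NAT rules` comment next to that line would make the gap visible to the next reader.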