From 65f66d73d56006779d4bd698b2ce039374614548 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Tue, 12 Jan 2021 23:22:21 +0100
Subject: nat: T3186: fix negated addresses not applied from CLI

(cherry picked from commit 806b1cb6eebce4a11a5d2496b062a93d5899746e)
---
 smoketest/scripts/cli/test_nat.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'smoketest')

diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py
index b82805661..b5702d691 100755
--- a/smoketest/scripts/cli/test_nat.py
+++ b/smoketest/scripts/cli/test_nat.py
@@ -155,6 +155,18 @@ class TestNAT(unittest.TestCase):
         self.session.set(src_path + ['rule', rule, 'translation', 'address', 'masquerade'])
         self.session.commit()
 
+    def test_dnat_negated_addresses(self):
+        # T3186: negated addresses are not accepted by nftables
+        rule = '1000'
+        self.session.set(dst_path + ['rule', rule, 'destination', 'address', '!192.0.2.1'])
+        self.session.set(dst_path + ['rule', rule, 'destination', 'port', '53'])
+        self.session.set(dst_path + ['rule', rule, 'inbound-interface', 'eth0'])
+        self.session.set(dst_path + ['rule', rule, 'protocol', 'tcp_udp'])
+        self.session.set(dst_path + ['rule', rule, 'source', 'address', '!192.0.2.1'])
+        self.session.set(dst_path + ['rule', rule, 'translation', 'address', '192.0.2.1'])
+        self.session.set(dst_path + ['rule', rule, 'translation', 'port', '53'])
+        self.session.commit()
+
     def test_nat_no_rules(self):
         # T3206: deleting all rules but keep the direction 'destination' or
         # 'source' resulteds in KeyError: 'rule'.
-- 
cgit v1.2.3