From aa9633b4358c571e58710dba5330f72f7f893304 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Mon, 29 Aug 2022 11:36:16 +0000 Subject: nat: T4367: Move nat rules from /tmp to /run/nftables_nat.conf Move nftables nat configuration from /tmp to /run As we have for other services like firewall, conntrack Don't remove the config file '/run/nftables_nat.conf' after commit --- src/conf_mode/nat.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py index 85819a77e..a72e82a83 100755 --- a/src/conf_mode/nat.py +++ b/src/conf_mode/nat.py @@ -44,7 +44,7 @@ if LooseVersion(kernel_version()) > LooseVersion('5.1'): else: k_mod = ['nft_nat', 'nft_chain_nat_ipv4'] -nftables_nat_config = '/tmp/vyos-nat-rules.nft' +nftables_nat_config = '/run/nftables_nat.conf' def get_handler(json, chain, target): """ Get nftable rule handler number of given chain/target combination. @@ -186,16 +186,12 @@ def generate(nat): # dry-run newly generated configuration tmp = run(f'nft -c -f {nftables_nat_config}') if tmp > 0: - if os.path.exists(nftables_nat_config): - os.unlink(nftables_nat_config) raise ConfigError('Configuration file errors encountered!') return None def apply(nat): cmd(f'nft -f {nftables_nat_config}') - if os.path.isfile(nftables_nat_config): - os.unlink(nftables_nat_config) return None -- cgit v1.2.3