-rw-r--r--lib/Vyatta/NatRule.pm14
-rwxr-xr-xscripts/vyatta-show-nat-rules.pl1
-rwxr-xr-xscripts/vyatta-show-nat.pl1
-rwxr-xr-xscripts/vyatta-update-nat.pl2
-rw-r--r--templates-cfg/service/nat/rule/node.tag/disable/node.def1
5 files changed, 18 insertions, 1 deletions
diff --git a/lib/Vyatta/NatRule.pm b/lib/Vyatta/NatRule.pm
index cadff9c..c3631ae 100644
--- a/lib/Vyatta/NatRule.pm
+++ b/lib/Vyatta/NatRule.pm
@@ -18,6 +18,7 @@ my %fields = (
_outbound_if => undef,
_proto => undef,
_exclude => undef,
+ _disable => undef,
_log => undef,
_inside_addr => {
_addr => undef,
@@ -61,6 +62,7 @@ sub setup {
$self->{_outbound_if} = $config->returnValue("outbound-interface");
$self->{_proto} = $config->returnValue("protocol");
$self->{_exclude} = $config->exists("exclude");
+ $self->{_disable} = $config->exists("disable");
$self->{_log} = $config->returnValue("log");
$self->{_inside_addr}->{_addr}
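Review bot: Every check this commit adds downstream (is_disabled, get_num_ipt_rules, rule_str and the two show scripts) tests `defined $self->{_disable}`, so the `$self->{_disable} = $config->exists("disable");` line relies on Vyatta::Config returning undef rather than a defined false value (0 or '') for an absent node; that is the convention `_exclude` already follows on the line above, but it is worth confirming, because a defined false return would make every rule look disabled. The same applies to `existsOrig("disable")` in the setupOrig hunk. Normalising at the point of assignment removes the dependency on the helper's return convention: `$self->{_disable} = $config->exists("disable") ? 1 : undef;`. The body of setup continues outside the hunk.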
@@ -108,6 +110,7 @@ sub setupOrig {
$self->{_outbound_if} = $config->returnOrigValue("outbound-interface");
$self->{_proto} = $config->returnOrigValue("protocol");
$self->{_exclude} = $config->existsOrig("exclude");
+ $self->{_disable} = $config->existsOrig("disable");
$self->{_log} = $config->returnOrigValue("log");
$self->{_inside_addr}->{_addr}
@@ -142,8 +145,15 @@ sub setupOrig {
return 0;
}
+sub is_disabled {
+ my $self = shift;
+ return 1 if defined $self->{_disable};
+ return 0;
+}
+
sub get_num_ipt_rules {
my $self = shift;
+ return 0 if defined $self->{_disable};
my $ipt_rules = 1;
if ("$self->{_log}" eq 'enable') {
$ipt_rules++;
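Review bot: The new `is_disabled` accessor is not called anywhere in this commit; the line added to get_num_ipt_rules right below it, the new early return in rule_str, and both show scripts test `defined $self->{_disable}` directly, so the accessor and the ad hoc checks can drift apart if the representation of the flag ever changes. Route them through the accessor, `return 0 if $self->is_disabled;` here, and the accessor itself can be the single expression `return defined $self->{_disable} ? 1 : 0;` with a one-line comment stating that it reports whether the rule's `disable` node is present. get_num_ipt_rules continues past the end of the hunk.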
@@ -179,7 +189,7 @@ sub rule_str {
my $jump_target = '';
my $jump_param = '';
my $use_netmap = 0;
-
+
if (!defined($self->{_proto}) ||
(($self->{_proto} ne "tcp") && ($self->{_proto} ne "6")
&& ($self->{_proto} ne "udp") && ($self->{_proto} ne "17"))) {
@@ -462,6 +472,8 @@ sub rule_str {
}
}
+ return (undef, undef) if defined $self->{_disable};
+
$rule_str .= " $src_str $dst_str";
if ("$self->{_log}" eq "enable") {
my $log_rule = $rule_str;
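Review bot: The `return (undef, undef) if defined $self->{_disable};` short-circuit sits after the whole rule string has been assembled, so a disabled rule still runs every validation branch above it and, as far as I can tell from the hunk, can still abort the commit with an error for a rule that will never be installed; if that is intended (keeping disabled rules well-formed so re-enabling them cannot fail), a comment saying so on this line would help, otherwise the check belongs at the top of rule_str with the other early returns. For consistency with the accessor added in this commit it would read `return (undef, undef) if $self->is_disabled;`. Any caller of rule_str other than scripts/vyatta-update-nat.pl now receives an undef rule string and is not adjusted here, so the return convention should be documented in rule_str's header comment. rule_str starts outside this hunk.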
diff --git a/scripts/vyatta-show-nat-rules.pl b/scripts/vyatta-show-nat-rules.pl
index 206d409..a7b83da 100755
--- a/scripts/vyatta-show-nat-rules.pl
+++ b/scripts/vyatta-show-nat-rules.pl
@@ -172,6 +172,7 @@ for $rule (@rules) {
my $dst = new Vyatta::IpTables::AddressFilter;
$nrule->setupOrig("service nat rule $rule");
+ next if defined $nrule->{_disable};
$rulenum = "X" . $rule if defined $nrule->{_exclude};
$type = $nat_type{$nrule->{_type}};
$protocol = $nrule->{_proto} if defined $nrule->{_proto};
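Review bot: Skipping the rule with `next if defined $nrule->{_disable};` hides it from the show output entirely, so an operator auditing the NAT policy cannot tell that a rule number exists in the configuration but is inactive; the existing code marks exclude rules by prefixing the rule number with `X` on the next line rather than hiding them, and the same treatment for disabled rules (for example a `D` prefix on `$rulenum`) would keep the configured rule set visible. The same pattern is added in scripts/vyatta-show-nat.pl, where the XML row could carry a disabled marker instead of being dropped. Both sites also reach into the object's hash rather than using the accessor this commit adds: `next if $nrule->is_disabled;`. The enclosing loop over @rules starts outside the hunk.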
diff --git a/scripts/vyatta-show-nat.pl b/scripts/vyatta-show-nat.pl
index c933e05..574c995 100755
--- a/scripts/vyatta-show-nat.pl
+++ b/scripts/vyatta-show-nat.pl
@@ -53,6 +53,7 @@ my @rules = sort numerically @rules_pre;
for $rule (@rules) {
my $nrule = new Vyatta::NatRule;
$nrule->setupOrig("service nat rule $rule");
+ next if defined $nrule->{_disable};
my $ntype = $nrule->orig_type();
print RENDER " <row>\n";
print RENDER " <rule_num>$rule</rule_num>\n";
diff --git a/scripts/vyatta-update-nat.pl b/scripts/vyatta-update-nat.pl
index 6eeb924..bbbd4ff 100755
--- a/scripts/vyatta-update-nat.pl
+++ b/scripts/vyatta-update-nat.pl
@@ -126,6 +126,7 @@ for $rule (@rule_keys) {
exit 6;
}
foreach my $rule_str (@rule_strs) {
+ next if !defined $rule_str;
$cmd = "iptables -t nat -I $chain_name{$ntype} $ipt_rulenum{$ntype} " .
"$rule_str";
print OUT "$cmd\n";
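Review bot: The `next if !defined $rule_str;` guard is duplicated in the second loop of this file (the hunk under the "add the new rule(s)" comment), so the two insertion paths have to be kept in step by hand; filtering once where @rule_strs is populated, `@rule_strs = grep { defined } @rule_strs;` after the error check that ends in `exit 6`, or having rule_str return an empty list for a disabled rule, would cover both, though the call site that unpacks the (undef, undef) return is outside the hunk so I cannot confirm how it destructures. It is also worth checking that `$ipt_rulenum{$ntype}` is not advanced for the skipped entry: with get_num_ipt_rules now returning 0 for a disabled rule, an increment per loop iteration would leave later rules one position off in the chain. As a style point `next unless defined $rule_str;` reads more naturally than the negated `if`.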
@@ -156,6 +157,7 @@ for $rule (@rule_keys) {
# add the new rule(s)
foreach my $rule_str (@rule_strs) {
+ next if !defined $rule_str;
$cmd = "iptables -t nat -I $chain_name{$ntype} $ipt_rulenum{$ntype} " .
"$rule_str";
print OUT "$cmd\n";
diff --git a/templates-cfg/service/nat/rule/node.tag/disable/node.def b/templates-cfg/service/nat/rule/node.tag/disable/node.def
new file mode 100644
index 0000000..c23fc5a
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/disable/node.def
@@ -0,0 +1 @@
+help: Disable NAT rule