1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
#
# Module: NatRuleCommon.pm
#
# **** License ****
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# This code was originally developed by Vyatta, Inc.
# Portions created by Vyatta are Copyright (C) 2009 Vyatta, Inc.
# All Rights Reserved.
#
# Author: eng@vyatta.com
# Date: 2011
# Description: Shared NAT rule handling procedures library
#
# **** End License ****
#
package Vyatta::NatRuleCommon;
use strict;
use lib "/opt/vyatta/share/perl5";
require Vyatta::Config;
require Vyatta::IpTables::AddressFilter;
use Vyatta::Misc;
use Vyatta::TypeChecker;
require Exporter;
our @ISA = qw(Exporter);
our @EXPORT = qw(is_disabled get_num_ipt_rules get_log_prefix output_xml_elem make_src_dst_str);
sub is_disabled {
my $self = shift;
return 1 if defined $self->{_disable};
return 0;
}
sub get_num_ipt_rules {
my $self = shift;
return 0 if defined $self->{_disable};
my $ipt_rules = 1;
if ("$self->{_log}" eq 'enable') {
$ipt_rules++;
}
if (defined $self->{_proto} && $self->{_proto} eq 'tcp_udp') {
$ipt_rules++;
$ipt_rules++ if $self->{_log} eq 'enable';
}
return $ipt_rules;
}
sub get_log_prefix {
my ($rule_num, $type, $modifier) = @_;
# In iptables it allows a 29 character log_prefix, but we ideally
# want to include "[nat-$type-$num-$target] "
# 4 4 4 7 = 19
# so no truncation is needed.
my $log_prefix = "[NAT-$type-$rule_num";
$log_prefix .= "-$modifier" if $modifier;
$log_prefix .= "] ";
return $log_prefix;
}
sub output_xml_elem {
my ($name, $value, $fh) = @_;
print $fh " <$name>$value</$name>\n";
}
# Single port option must be before multiport one,
# rearrange if needed
sub make_src_dst_str {
my ($src_str, $dst_str) = @_;
my $src_dst_str;
if (grep /multiport/, $src_str) {
$src_dst_str = " $dst_str $src_str ";
} elsif (grep /multiport/, $dst_str) {
$src_dst_str = " $src_str $dst_str ";
} else {
$src_dst_str = " $src_str $dst_str ";
}
return $src_dst_str;
}
1;
|
