author | Christian Poessinger <christian@poessinger.com> | 2020-05-15 21:47:08 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-05-16 18:25:58 +0200 |
commit | f75db67c495c0e9e251bebba46b75e9d085dece0 (patch) | |
tree | 95e53c2ea4721a60cacad4fac0bdcd79536bac7b | |
parent | 682bfd2c869acbf9f7c6dc681e28ca703c290d7f (diff) | |
download | vyos-1x-f75db67c495c0e9e251bebba46b75e9d085dece0.tar.gz vyos-1x-f75db67c495c0e9e251bebba46b75e9d085dece0.zip |
nat: T2198: do not run DNAT rule if rule is disabled
-rw-r--r-- | data/templates/firewall/nftables-nat.tmpl | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl
index 01dcec19f..528c4d82a 100644
--- a/data/templates/firewall/nftables-nat.tmpl
+++ b/data/templates/firewall/nftables-nat.tmpl
@@ -23,7 +23,7 @@ flush table nat
 {% endif %}
-{% for r in destination -%}
+{% for r in destination if not r.disabled -%}
 {% set chain = "PREROUTING" %}
 {% set dst_addr = "ip daddr " + r.dest_address if r.dest_address %}
 {% set dst_port = "dport { " + r.dest_port +" }" %}
@@ -48,7 +48,6 @@ flush table nat
 {% set trns = "return" %}
 {% endif %}
- {% if r.protocol == 'tcp_udp' %}
 {# Special handling for protocol tcp_udp which is represented as two individual rules #}
 {% if log %} |
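Review bot: The new filter in `{% for r in destination if not r.disabled -%}` relies on the truthiness of `r.disabled`, so it only behaves as intended if the code that builds the `destination` list stores a real boolean (or leaves the key unset). A non-empty string there would make every rule look disabled and silently drop it from the generated ruleset, so the type is worth confirming where the dict is assembled. Only the DNAT loop is visible here. If the template has a corresponding loop for source rules outside this hunk, it presumably needs the same filter, otherwise a rule the operator marked disabled would still be loaded. A one-line template comment above the loop would record the intent, e.g. `{# disabled rules are skipped entirely so they are never loaded into the nat table #}`. The loop body continues outside the hunk.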