summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2022-08-29 11:36:16 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2022-08-29 11:36:16 +0000
commitaa9633b4358c571e58710dba5330f72f7f893304 (patch)
tree11e5346d9d6353e33575ad7f39b4b7985543c25f
parentedb2d72c3487b06fffd67dde203219b3c1bd7443 (diff)
downloadvyos-1x-aa9633b4358c571e58710dba5330f72f7f893304.tar.gz
vyos-1x-aa9633b4358c571e58710dba5330f72f7f893304.zip
nat: T4367: Move nat rules from /tmp to /run/nftables_nat.conf
Move nftables nat configuration from /tmp to /run As we have for other services like firewall, conntrack Don't remove the config file '/run/nftables_nat.conf' after commit
-rwxr-xr-xsrc/conf_mode/nat.py6
1 files changed, 1 insertions, 5 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 85819a77e..a72e82a83 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -44,7 +44,7 @@ if LooseVersion(kernel_version()) > LooseVersion('5.1'):
else:
k_mod = ['nft_nat', 'nft_chain_nat_ipv4']
-nftables_nat_config = '/tmp/vyos-nat-rules.nft'
+nftables_nat_config = '/run/nftables_nat.conf'
def get_handler(json, chain, target):
""" Get nftable rule handler number of given chain/target combination.
@@ -186,16 +186,12 @@ def generate(nat):
# dry-run newly generated configuration
tmp = run(f'nft -c -f {nftables_nat_config}')
if tmp > 0:
- if os.path.exists(nftables_nat_config):
- os.unlink(nftables_nat_config)
raise ConfigError('Configuration file errors encountered!')
return None
def apply(nat):
cmd(f'nft -f {nftables_nat_config}')
- if os.path.isfile(nftables_nat_config):
- os.unlink(nftables_nat_config)
return None