diff options
| author | Ginko <152240782+Giggum@users.noreply.github.com> | 2024-05-29 14:27:22 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-29 20:27:22 +0200 |
| commit | b7595ee9d328778105c70e3d4399ac45f555b304 (patch) | |
| tree | de7bf1629582a3ea74d2a942a97c321a0ae8e86c | |
| parent | a234384dd0603e41b6835fbc7d5cc599069a2faf (diff) | |
| download | vyos-1x-b7595ee9d328778105c70e3d4399ac45f555b304.tar.gz vyos-1x-b7595ee9d328778105c70e3d4399ac45f555b304.zip | |
nat: T6371: fix op mode display of configured ports when comma separated list of ports/ranges exists
Before: Issuing the op mode command "show nat source rules" will throw an
exception if the user has configured NAT rules using a list of ports as a
comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was
no handling for the "!" rule and so '!53' would display as '53'.
With this PR: Introduced iteration to capture all configured ports and append
to the appropriate string for display to the user as well as handling of '!' if
present in user's configuration.
| -rwxr-xr-x | src/op_mode/nat.py | 33 |
1 files changed, 19 insertions, 14 deletions
diff --git a/src/op_mode/nat.py b/src/op_mode/nat.py index 4ab524fb7..16a545cda 100755 --- a/src/op_mode/nat.py +++ b/src/op_mode/nat.py @@ -99,6 +99,23 @@ def _get_raw_translation(direction, family, address=None): def _get_formatted_output_rules(data, direction, family): + def _get_ports_for_output(my_dict): + # Get and insert all configured ports or port ranges into output string + for index, port in enumerate(my_dict['set']): + if 'range' in str(my_dict['set'][index]): + output = my_dict['set'][index]['range'] + output = '-'.join(map(str, output)) + else: + output = str(port) + if index == 0: + output = str(output) + else: + output = ','.join([output,output]) + # Handle case where configured ports are a negated list + if my_dict['op'] == '!=': + output = '!' + output + return(output) + # Add default values before loop sport, dport, proto = 'any', 'any', 'any' saddr = '::/0' if family == 'inet6' else '0.0.0.0/0' @@ -126,21 +143,9 @@ def _get_formatted_output_rules(data, direction, family): elif my_dict['field'] == 'daddr': daddr = f'{op}{my_dict["prefix"]["addr"]}/{my_dict["prefix"]["len"]}' elif my_dict['field'] == 'sport': - # Port range or single port - if jmespath.search('set[*].range', my_dict): - sport = my_dict['set'][0]['range'] - sport = '-'.join(map(str, sport)) - else: - sport = my_dict.get('set') - sport = ','.join(map(str, sport)) + sport = _get_ports_for_output(my_dict) elif my_dict['field'] == 'dport': - # Port range or single port - if jmespath.search('set[*].range', my_dict): - dport = my_dict["set"][0]["range"] - dport = '-'.join(map(str, dport)) - else: - dport = my_dict.get('set') - dport = ','.join(map(str, dport)) + dport = _get_ports_for_output(my_dict) else: field = jmespath.search('left.payload.field', match) if field == 'saddr': |