summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-11-19 20:59:29 +0100
committerGitHub <noreply@github.com>2022-11-19 20:59:29 +0100
commit2fa43aea9c47968754ff7e870f798dbc8b1ed664 (patch)
tree7ed9f7e005be6e61f04655b67022207f7cd21424
parent0cec72de1716e5dcad5074be8c5de03464577364 (diff)
parentad27ccbe68bd0f926259c18e51d85e40bb72eb7b (diff)
downloadvyos-1x-2fa43aea9c47968754ff7e870f798dbc8b1ed664.tar.gz
vyos-1x-2fa43aea9c47968754ff7e870f798dbc8b1ed664.zip
Merge pull request #1666 from nicolas-fort/T4830-nat66
T4830: nat66: fix how nat66 rules are written in nftables
-rw-r--r--python/vyos/nat.py4
-rwxr-xr-xsmoketest/scripts/cli/test_nat66.py4
2 files changed, 6 insertions, 2 deletions
diff --git a/python/vyos/nat.py b/python/vyos/nat.py
index 3d01829a7..e1dfff541 100644
--- a/python/vyos/nat.py
+++ b/python/vyos/nat.py
@@ -16,6 +16,8 @@
from vyos.template import is_ip_network
from vyos.util import dict_search_args
+from vyos.template import bracketize_ipv6
+
def parse_nat_rule(rule_conf, rule_id, nat_type, ipv6=False):
output = []
@@ -69,6 +71,8 @@ def parse_nat_rule(rule_conf, rule_id, nat_type, ipv6=False):
else:
translation_output.append('to')
if addr:
+ if ipv6:
+ addr = bracketize_ipv6(addr)
translation_output.append(addr)
options = []
diff --git a/smoketest/scripts/cli/test_nat66.py b/smoketest/scripts/cli/test_nat66.py
index 6cf7ca0a1..50806b3e8 100755
--- a/smoketest/scripts/cli/test_nat66.py
+++ b/smoketest/scripts/cli/test_nat66.py
@@ -136,7 +136,7 @@ class TestNAT66(VyOSUnitTestSHIM.TestCase):
self.cli_commit()
nftables_search = [
- ['iifname "eth1"', 'tcp dport 4545', 'ip6 saddr 2001:db8:2222::/64', 'tcp sport 8080', 'dnat to 2001:db8:1111::1:5555']
+ ['iifname "eth1"', 'tcp dport 4545', 'ip6 saddr 2001:db8:2222::/64', 'tcp sport 8080', 'dnat to [2001:db8:1111::1]:5555']
]
self.verify_nftables(nftables_search, 'ip6 vyos_nat')
@@ -208,7 +208,7 @@ class TestNAT66(VyOSUnitTestSHIM.TestCase):
self.cli_commit()
nftables_search = [
- ['oifname "eth1"', 'ip6 saddr 2001:db8:2222::/64', 'tcp dport 9999', 'tcp sport 8080', 'snat to 2001:db8:1111::1:80']
+ ['oifname "eth1"', 'ip6 saddr 2001:db8:2222::/64', 'tcp dport 9999', 'tcp sport 8080', 'snat to [2001:db8:1111::1]:80']
]
self.verify_nftables(nftables_search, 'ip6 vyos_nat')