Merge pull request #1618 from sarthurdev/T4764

nat: T4764: Remove NAT tables on node deletion

1 files changed, 10 insertions, 8 deletions

diff --git a/data/templates/firewall/nftables-static-nat.j2 b/data/templates/firewall/nftables-static-nat.j2
index 790c33ce9..e5e3da867 100644
--- a/data/templates/firewall/nftables-static-nat.j2
+++ b/data/templates/firewall/nftables-static-nat.j2
@@ -3,6 +3,7 @@
 {% if first_install is not vyos_defined %}
 delete table ip vyos_static_nat
 {% endif %}
+{% if deleted is not vyos_defined %}
 table ip vyos_static_nat {
     #
     # Destination NAT rules build up here
@@ -10,11 +11,11 @@ table ip vyos_static_nat {
 
     chain PREROUTING {
         type nat hook prerouting priority -100; policy accept;
-{% if static.rule is vyos_defined %}
-{%     for rule, config in static.rule.items() if config.disable is not vyos_defined %}
+{%     if static.rule is vyos_defined %}
+{%         for rule, config in static.rule.items() if config.disable is not vyos_defined %}
     {{ config | nat_static_rule(rule, 'destination') }}
-{%     endfor %}
-{% endif %}
+{%         endfor %}
+{%     endif %}
     }
 
     #
@@ -22,10 +23,11 @@ table ip vyos_static_nat {
     #
     chain POSTROUTING {
         type nat hook postrouting priority 100; policy accept;
-{% if static.rule is vyos_defined %}
-{%     for rule, config in static.rule.items() if config.disable is not vyos_defined %}
+{%     if static.rule is vyos_defined %}
+{%         for rule, config in static.rule.items() if config.disable is not vyos_defined %}
     {{ config | nat_static_rule(rule, 'source') }}
-{%     endfor %}
-{% endif %}
+{%         endfor %}
+{%     endif %}
     }
 }
+{% endif %}