summaryrefslogtreecommitdiff
path: root/data/templates/firewall
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2022-10-25 12:29:03 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2022-10-25 22:42:20 +0200
commit2a5273e650ce1242bc22e992e5a3104961ec1295 (patch)
treeae130bd6e6dab4c5c0b1a167e4de1c269b10c328 /data/templates/firewall
parentec82d60828500a56b6fe8357970bf839053ac0af (diff)
downloadvyos-1x-2a5273e650ce1242bc22e992e5a3104961ec1295.tar.gz
vyos-1x-2a5273e650ce1242bc22e992e5a3104961ec1295.zip
nat: T4764: Remove tables on NAT deletion
Diffstat (limited to 'data/templates/firewall')
-rw-r--r--data/templates/firewall/nftables-nat.j218
-rw-r--r--data/templates/firewall/nftables-static-nat.j218
2 files changed, 20 insertions, 16 deletions
diff --git a/data/templates/firewall/nftables-nat.j2 b/data/templates/firewall/nftables-nat.j2
index 55fe6024b..c5c0a2c86 100644
--- a/data/templates/firewall/nftables-nat.j2
+++ b/data/templates/firewall/nftables-nat.j2
@@ -24,6 +24,7 @@ add rule ip raw NAT_CONNTRACK counter accept
{% if first_install is not vyos_defined %}
delete table ip vyos_nat
{% endif %}
+{% if deleted is not vyos_defined %}
table ip vyos_nat {
#
# Destination NAT rules build up here
@@ -31,11 +32,11 @@ table ip vyos_nat {
chain PREROUTING {
type nat hook prerouting priority -100; policy accept;
counter jump VYOS_PRE_DNAT_HOOK
-{% if destination.rule is vyos_defined %}
-{% for rule, config in destination.rule.items() if config.disable is not vyos_defined %}
+{% if destination.rule is vyos_defined %}
+{% for rule, config in destination.rule.items() if config.disable is not vyos_defined %}
{{ config | nat_rule(rule, 'destination') }}
-{% endfor %}
-{% endif %}
+{% endfor %}
+{% endif %}
}
#
@@ -44,11 +45,11 @@ table ip vyos_nat {
chain POSTROUTING {
type nat hook postrouting priority 100; policy accept;
counter jump VYOS_PRE_SNAT_HOOK
-{% if source.rule is vyos_defined %}
-{% for rule, config in source.rule.items() if config.disable is not vyos_defined %}
+{% if source.rule is vyos_defined %}
+{% for rule, config in source.rule.items() if config.disable is not vyos_defined %}
{{ config | nat_rule(rule, 'source') }}
-{% endfor %}
-{% endif %}
+{% endfor %}
+{% endif %}
}
chain VYOS_PRE_DNAT_HOOK {
@@ -59,3 +60,4 @@ table ip vyos_nat {
return
}
}
+{% endif %}
diff --git a/data/templates/firewall/nftables-static-nat.j2 b/data/templates/firewall/nftables-static-nat.j2
index 790c33ce9..e5e3da867 100644
--- a/data/templates/firewall/nftables-static-nat.j2
+++ b/data/templates/firewall/nftables-static-nat.j2
@@ -3,6 +3,7 @@
{% if first_install is not vyos_defined %}
delete table ip vyos_static_nat
{% endif %}
+{% if deleted is not vyos_defined %}
table ip vyos_static_nat {
#
# Destination NAT rules build up here
@@ -10,11 +11,11 @@ table ip vyos_static_nat {
chain PREROUTING {
type nat hook prerouting priority -100; policy accept;
-{% if static.rule is vyos_defined %}
-{% for rule, config in static.rule.items() if config.disable is not vyos_defined %}
+{% if static.rule is vyos_defined %}
+{% for rule, config in static.rule.items() if config.disable is not vyos_defined %}
{{ config | nat_static_rule(rule, 'destination') }}
-{% endfor %}
-{% endif %}
+{% endfor %}
+{% endif %}
}
#
@@ -22,10 +23,11 @@ table ip vyos_static_nat {
#
chain POSTROUTING {
type nat hook postrouting priority 100; policy accept;
-{% if static.rule is vyos_defined %}
-{% for rule, config in static.rule.items() if config.disable is not vyos_defined %}
+{% if static.rule is vyos_defined %}
+{% for rule, config in static.rule.items() if config.disable is not vyos_defined %}
{{ config | nat_static_rule(rule, 'source') }}
-{% endfor %}
-{% endif %}
+{% endfor %}
+{% endif %}
}
}
+{% endif %}