diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-04-25 11:43:16 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-04-25 11:43:16 +0000 |
commit | 825242cfd064d08f7980a577815adbfd251bb361 (patch) | |
tree | 5a5ef5c5eba4d5c236fd2fec93bc6e5b35f4c3ee /data/templates/firewall | |
parent | fd9f82f96041b137885c99c526ac6efe2c4abc57 (diff) | |
download | vyos-1x-825242cfd064d08f7980a577815adbfd251bb361.tar.gz vyos-1x-825242cfd064d08f7980a577815adbfd251bb361.zip |
nat: T4210: Fix template for negated ports
Diffstat (limited to 'data/templates/firewall')
-rw-r--r-- | data/templates/firewall/nftables-nat.tmpl | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl index 7a925b264..63aa48c77 100644 --- a/data/templates/firewall/nftables-nat.tmpl +++ b/data/templates/firewall/nftables-nat.tmpl @@ -6,14 +6,14 @@ {% set src_addr = 'ip saddr ' ~ config.source.address.replace('!','!= ') if config.source.address is vyos_defined %} {% set dst_addr = 'ip daddr ' ~ config.destination.address.replace('!','!= ') if config.destination.address is vyos_defined %} {# negated port groups need special treatment, move != in front of { } group #} -{% if config.source.port is vyos_defined and config.source.port.startswith('!=') %} -{% set src_port = 'sport != { ' ~ config.source.port.replace('!=','') ~ ' }' %} +{% if config.source.port is vyos_defined and config.source.port.startswith('!') %} +{% set src_port = 'sport != { ' ~ config.source.port.replace('!','') ~ ' }' %} {% else %} {% set src_port = 'sport { ' ~ config.source.port ~ ' }' if config.source.port is vyos_defined %} {% endif %} {# negated port groups need special treatment, move != in front of { } group #} -{% if config.destination.port is vyos_defined and config.destination.port.startswith('!=') %} -{% set dst_port = 'dport != { ' ~ config.destination.port.replace('!=','') ~ ' }' %} +{% if config.destination.port is vyos_defined and config.destination.port.startswith('!') %} +{% set dst_port = 'dport != { ' ~ config.destination.port.replace('!','') ~ ' }' %} {% else %} {% set dst_port = 'dport { ' ~ config.destination.port ~ ' }' if config.destination.port is vyos_defined %} {% endif %} |