diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-08-04 15:50:09 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-04 15:50:09 +0200 |
commit | 8af312ecac8830cf0ff65232729daceff469394d (patch) | |
tree | 8e284541dbf71b7ada4c94a530df2d94f812473b /data/templates | |
parent | 993961f60ead2a18912eb577b1152463d4eb8b4e (diff) | |
parent | ecc03bd6e499bfa071218aa70d325fcfcc191dec (diff) | |
download | vyos-1x-8af312ecac8830cf0ff65232729daceff469394d.tar.gz vyos-1x-8af312ecac8830cf0ff65232729daceff469394d.zip |
Merge pull request #1457 from sever-sever/T4586
nat66: T4586: Add SNAT destination prefix and DNAT address
Diffstat (limited to 'data/templates')
-rw-r--r-- | data/templates/firewall/nftables-nat66.j2 | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/data/templates/firewall/nftables-nat66.j2 b/data/templates/firewall/nftables-nat66.j2 index 003b138b2..ca19506f2 100644 --- a/data/templates/firewall/nftables-nat66.j2 +++ b/data/templates/firewall/nftables-nat66.j2 @@ -3,8 +3,10 @@ {% macro nptv6_rule(rule,config, chain) %} {% set comment = '' %} {% set base_log = '' %} -{% set src_prefix = 'ip6 saddr ' ~ config.source.prefix if config.source.prefix is vyos_defined %} -{% set dest_address = 'ip6 daddr ' ~ config.destination.address if config.destination.address is vyos_defined %} +{% set dst_prefix = 'ip6 daddr ' ~ config.destination.prefix.replace('!','!= ') if config.destination.prefix is vyos_defined %} +{% set src_prefix = 'ip6 saddr ' ~ config.source.prefix.replace('!','!= ') if config.source.prefix is vyos_defined %} +{% set source_address = 'ip6 saddr ' ~ config.source.address.replace('!','!= ') if config.source.address is vyos_defined %} +{% set dest_address = 'ip6 daddr ' ~ config.destination.address.replace('!','!= ') if config.destination.address is vyos_defined %} {% if chain is vyos_defined('PREROUTING') %} {% set comment = 'DST-NAT66-' ~ rule %} {% set base_log = '[NAT66-DST-' ~ rule %} @@ -52,6 +54,12 @@ {% if src_prefix is vyos_defined %} {% set output = output ~ ' ' ~ src_prefix %} {% endif %} +{% if dst_prefix is vyos_defined %} +{% set output = output ~ ' ' ~ dst_prefix %} +{% endif %} +{% if source_address is vyos_defined %} +{% set output = output ~ ' ' ~ source_address %} +{% endif %} {% if dest_address is vyos_defined %} {% set output = output ~ ' ' ~ dest_address %} {% endif %} |