summaryrefslogtreecommitdiff
path: root/data/templates
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2022-10-31 21:08:42 +0100
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2022-11-03 21:09:28 +0100
commitb4b491d424fba6f3d417135adc1865e338a480a1 (patch)
treef6aff71905c007837110d634e6cc5d6580f6db23 /data/templates
parent051e063fdf2e459a0716a35778b33ea6bb2fdcb6 (diff)
downloadvyos-1x-b4b491d424fba6f3d417135adc1865e338a480a1.tar.gz
vyos-1x-b4b491d424fba6f3d417135adc1865e338a480a1.zip
nat: T1877: T970: Add firewall groups to NAT
Diffstat (limited to 'data/templates')
-rw-r--r--data/templates/firewall/nftables-nat.j24
1 files changed, 4 insertions, 0 deletions
diff --git a/data/templates/firewall/nftables-nat.j2 b/data/templates/firewall/nftables-nat.j2
index c5c0a2c86..f0be3cf5d 100644
--- a/data/templates/firewall/nftables-nat.j2
+++ b/data/templates/firewall/nftables-nat.j2
@@ -1,5 +1,7 @@
#!/usr/sbin/nft -f
+{% import 'firewall/nftables-defines.j2' as group_tmpl %}
+
{% if helper_functions is vyos_defined('remove') %}
{# NAT if going to be disabled - remove rules and targets from nftables #}
{% set base_command = 'delete rule ip raw' %}
@@ -59,5 +61,7 @@ table ip vyos_nat {
chain VYOS_PRE_SNAT_HOOK {
return
}
+
+{{ group_tmpl.groups(firewall_group, False) }}
}
{% endif %}