Merge pull request #1300 from sever-sever/T4210

nat: T4210: Fix template for negated ports

1 files changed, 4 insertions, 4 deletions

diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl
index 7a925b264..63aa48c77 100644
--- a/data/templates/firewall/nftables-nat.tmpl
+++ b/data/templates/firewall/nftables-nat.tmpl
@@ -6,14 +6,14 @@
 {%   set src_addr  = 'ip saddr ' ~ config.source.address.replace('!','!= ') if config.source.address is vyos_defined %}
 {%   set dst_addr  = 'ip daddr ' ~ config.destination.address.replace('!','!= ') if config.destination.address is vyos_defined %}
 {#   negated port groups need special treatment, move != in front of { } group #}
-{%   if config.source.port is vyos_defined and config.source.port.startswith('!=') %}
-{%     set src_port  = 'sport != { ' ~ config.source.port.replace('!=','') ~ ' }' %}
+{%   if config.source.port is vyos_defined and config.source.port.startswith('!') %}
+{%     set src_port  = 'sport != { ' ~ config.source.port.replace('!','') ~ ' }' %}
 {%   else %}
 {%     set src_port  = 'sport { ' ~ config.source.port ~ ' }' if config.source.port is vyos_defined %}
 {%   endif %}
 {#   negated port groups need special treatment, move != in front of { } group #}
-{%   if config.destination.port is vyos_defined and config.destination.port.startswith('!=') %}
-{%     set dst_port  = 'dport != { ' ~ config.destination.port.replace('!=','') ~ ' }' %}
+{%   if config.destination.port is vyos_defined and config.destination.port.startswith('!') %}
+{%     set dst_port  = 'dport != { ' ~ config.destination.port.replace('!','') ~ ' }' %}
 {%   else %}
 {%     set dst_port  = 'dport { ' ~ config.destination.port ~ ' }' if config.destination.port is vyos_defined %}
 {%   endif %}