diff options
| author | Nicolás Fort <95703796+nicolas-fort@users.noreply.github.com> | 2024-01-04 12:49:39 -0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-04 15:49:39 +0000 |
| commit | 3fc76505d0642c32a3eae9c0ce6ab3dd2ec32dbd (patch) | |
| tree | 2b99041737bab239bb97f878213b51c281d74eb1 /python | |
| parent | 1043859f6f87ed64c88c2cd15d4b24a881e89eb1 (diff) | |
| download | vyos-1x-3fc76505d0642c32a3eae9c0ce6ab3dd2ec32dbd.tar.gz vyos-1x-3fc76505d0642c32a3eae9c0ce6ab3dd2ec32dbd.zip | |
T5159: nat: add option to map network and ports. Feature used for large deployments in cgnat. (#2694)
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/nat.py | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/python/vyos/nat.py b/python/vyos/nat.py index 392d38772..7215aac88 100644 --- a/python/vyos/nat.py +++ b/python/vyos/nat.py @@ -89,7 +89,10 @@ def parse_nat_rule(rule_conf, rule_id, nat_type, ipv6=False): if addr and is_ip_network(addr): if not ipv6: map_addr = dict_search_args(rule_conf, nat_type, 'address') - translation_output.append(f'{ip_prefix} prefix to {ip_prefix} {translation_prefix}addr map {{ {map_addr} : {addr} }}') + if port: + translation_output.append(f'{ip_prefix} prefix to {ip_prefix} {translation_prefix}addr map {{ {map_addr} : {addr} . {port} }}') + else: + translation_output.append(f'{ip_prefix} prefix to {ip_prefix} {translation_prefix}addr map {{ {map_addr} : {addr} }}') ignore_type_addr = True else: translation_output.append(f'prefix to {addr}') @@ -112,7 +115,10 @@ def parse_nat_rule(rule_conf, rule_id, nat_type, ipv6=False): if port_mapping and port_mapping != 'none': options.append(port_mapping) - translation_str = " ".join(translation_output) + (f':{port}' if port else '') + if ((not addr) or (addr and not is_ip_network(addr))) and port: + translation_str = " ".join(translation_output) + (f':{port}') + else: + translation_str = " ".join(translation_output) if options: translation_str += f' {",".join(options)}' |