diff options
| author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-10-25 22:41:55 +0200 |
|---|---|---|
| committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-10-25 23:51:03 +0200 |
| commit | 16207f7a8ffdbc93fcfcc4b6ba783940a1e40e33 (patch) | |
| tree | 957246e53a9c2af600c0f0d7ae4db846bc9e27e8 /src/conf_mode/nat.py | |
| parent | 2a5273e650ce1242bc22e992e5a3104961ec1295 (diff) | |
| download | vyos-1x-16207f7a8ffdbc93fcfcc4b6ba783940a1e40e33.tar.gz vyos-1x-16207f7a8ffdbc93fcfcc4b6ba783940a1e40e33.zip | |
nat: T4706: Verify translation address or port exists
Diffstat (limited to 'src/conf_mode/nat.py')
| -rwxr-xr-x | src/conf_mode/nat.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py index 1e807753d..978c043e9 100755 --- a/src/conf_mode/nat.py +++ b/src/conf_mode/nat.py @@ -146,6 +146,10 @@ def verify(nat): if config['outbound_interface'] not in 'any' and config['outbound_interface'] not in interfaces(): Warning(f'rule "{rule}" interface "{config["outbound_interface"]}" does not exist on this system') + if not dict_search('translation.address', config) and not dict_search('translation.port', config): + if 'exclude' not in config: + raise ConfigError(f'{err_msg} translation requires address and/or port') + addr = dict_search('translation.address', config) if addr != None and addr != 'masquerade' and not is_ip_network(addr): for ip in addr.split('-'): @@ -166,6 +170,10 @@ def verify(nat): elif config['inbound_interface'] not in 'any' and config['inbound_interface'] not in interfaces(): Warning(f'rule "{rule}" interface "{config["inbound_interface"]}" does not exist on this system') + if not dict_search('translation.address', config) and not dict_search('translation.port', config): + if 'exclude' not in config: + raise ConfigError(f'{err_msg} translation requires address and/or port') + # common rule verification verify_rule(config, err_msg) |