nat: T4605: Refactor NAT to use python module for parsing rules

* Rename table to vyos_nat * Refactor tests to use `verify_nftables` format
author: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2022-09-20 14:19:23 +0200
committer: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2022-09-21 20:53:49 +0200
commit: 448d4f6db9cf6dfceffccf988301e5f4d04c9afa (patch)
tree: 8cdb965b4cabfcdf02c53e7046833d0cd5610df0 /src/conf_mode/nat.py
parent: e9c233d65cfffccca131afb4cfb0bcaae0836c39 (diff)
download: vyos-1x-448d4f6db9cf6dfceffccf988301e5f4d04c9afa.tar.gz
vyos-1x-448d4f6db9cf6dfceffccf988301e5f4d04c9afa.zip
1 files changed, 9 insertions, 16 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index e75418ba5..3f52d7c1f 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -147,14 +147,10 @@ def verify(nat):
                 Warning(f'rule "{rule}" interface "{config["outbound_interface"]}" does not exist on this system')
 
             addr = dict_search('translation.address', config)
-            if addr != None:
-                if addr != 'masquerade' and not is_ip_network(addr):
-                    for ip in addr.split('-'):
-                        if not is_addr_assigned(ip):
-                            Warning(f'IP address {ip} does not exist on the system!')
-            elif 'exclude' not in config:
-                raise ConfigError(f'{err_msg}\n' \
-                                  'translation address not specified')
+            if addr != None and addr != 'masquerade' and not is_ip_network(addr):
+                for ip in addr.split('-'):
+                    if not is_addr_assigned(ip):
+                        Warning(f'IP address {ip} does not exist on the system!')
 
             # common rule verification
             verify_rule(config, err_msg)
@@ -167,14 +163,8 @@ def verify(nat):
             if 'inbound_interface' not in config:
                 raise ConfigError(f'{err_msg}\n' \
                                   'inbound-interface not specified')
-            else:
-                if config['inbound_interface'] not in 'any' and config['inbound_interface'] not in interfaces():
-                    Warning(f'rule "{rule}" interface "{config["inbound_interface"]}" does not exist on this system')
-
-
-            if dict_search('translation.address', config) == None and 'exclude' not in config:
-                raise ConfigError(f'{err_msg}\n' \
-                                  'translation address not specified')
+            elif config['inbound_interface'] not in 'any' and config['inbound_interface'] not in interfaces():
+                Warning(f'rule "{rule}" interface "{config["inbound_interface"]}" does not exist on this system')
 
             # common rule verification
             verify_rule(config, err_msg)
@@ -193,6 +183,9 @@ def verify(nat):
     return None
 
 def generate(nat):
+    if not os.path.exists(nftables_nat_config):
+        nat['first_install'] = True
+
     render(nftables_nat_config, 'firewall/nftables-nat.j2', nat)
     render(nftables_static_nat_conf, 'firewall/nftables-static-nat.j2', nat)
author	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2022-09-20 14:19:23 +0200
committer	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2022-09-21 20:53:49 +0200
commit	448d4f6db9cf6dfceffccf988301e5f4d04c9afa (patch)
tree	8cdb965b4cabfcdf02c53e7046833d0cd5610df0 /src/conf_mode/nat.py
parent	e9c233d65cfffccca131afb4cfb0bcaae0836c39 (diff)
download	vyos-1x-448d4f6db9cf6dfceffccf988301e5f4d04c9afa.tar.gz vyos-1x-448d4f6db9cf6dfceffccf988301e5f4d04c9afa.zip