author | Christian Poessinger <christian@poessinger.com> | 2020-06-11 16:35:00 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-06-11 16:35:02 +0200 |
commit | 4d40d5f85c156507bdca4e605eeef6570f34bede (patch) | |
tree | 719818a9589578419fa0bef433be09364a1c1149 /src/conf_mode/nat.py | |
parent | 5deb12c509bea6e353c3b4c3174f040895646cf8 (diff) | |
nat: T2571: fix failing negated CLI configurations
tested using:
set nat destination rule 399 description 'Redirect DNS iot VLAN'
set nat destination rule 399 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 399 destination port '53'
set nat destination rule 399 inbound-interface bond10.204
set nat destination rule 399 log
set nat destination rule 399 protocol 'tcp_udp'
set nat destination rule 399 translation address '192.168.67.243'
set nat destination rule 399 translation port '53'
set nat destination rule 400 description 'Redirect DNS lan VLAN'
set nat destination rule 400 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 400 destination port '53'
set nat destination rule 400 inbound-interface bond10.204
set nat destination rule 400 log
set nat destination rule 400 protocol 'tcp_udp'
set nat destination rule 400 translation address '192.168.67.243'
set nat destination rule 400 translation port '53'
set nat destination rule 401 description 'Redirect DNS guest VLAN'
set nat destination rule 401 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 401 destination port '53'
set nat destination rule 401 inbound-interface bond10.204
set nat destination rule 401 log
set nat destination rule 401 protocol 'tcp_udp'
set nat destination rule 401 translation address '192.168.67.243'
set nat destination rule 401 translation port '53'
Diffstat (limited to 'src/conf_mode/nat.py')
-rwxr-xr-x | src/conf_mode/nat.py | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 7294314c6..b0a029f2b 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -83,9 +83,9 @@ def verify_rule(rule, err_msg):
 raise ConfigError(f'{err_msg} translation address not specified')
-def parse_source_destination(conf, source_dest):
+def parse_configuration(conf, source_dest):
 """ Common wrapper to read in both NAT source and destination CLI """
- tmp = []
+ ruleset = []
 base_level = ['nat', source_dest]
 conf.set_level(base_level)
 for number in conf.list_nodes(['rule']):
@@ -113,10 +113,16 @@ def parse_source_destination(conf, source_dest):
 rule['description'] = conf.return_value(['description'])
 if conf.exists(['destination', 'address']):
- rule['dest_address'] = conf.return_value(['destination', 'address'])
+ tmp = conf.return_value(['destination', 'address'])
+ if tmp.startswith('!'):
+ tmp = tmp.replace('!', '!=')
+ rule['dest_address'] = tmp
 if conf.exists(['destination', 'port']):
- rule['dest_port'] = conf.return_value(['destination', 'port'])
+ tmp = conf.return_value(['destination', 'port'])
+ if tmp.startswith('!'):
+ tmp = tmp.replace('!', '!=')
+ rule['dest_port'] = tmp
 if conf.exists(['disable']):
 rule['disabled'] = True
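Review bot: `tmp.replace('!', '!=')` in the destination address and destination port branches of the `-113,10 +113,16` hunk rewrites every `!` in the value, while the guard only established that the first character is one. The result is therefore correct only as long as the CLI validator (not visible on this page) never lets a second `!` through, and a wrongly rendered negation on a NAT match is the kind of error that silently changes which traffic is translated. The same four lines are repeated for source address and source port in the `-137,13 +143,19` hunk, so one helper that replaces only the leading character would fix both and keep the translation in a single place. parse_configuration starts and ends outside this hunk.

```python
def translate_negation(value):
    """ Map a leading CLI '!' onto the '!=' operator, rest of the value untouched """
    if value.startswith('!'):
        return '!=' + value[1:]
    return value

# … unchanged: parse_configuration() up to the destination address node …
        if conf.exists(['destination', 'address']):
            rule['dest_address'] = translate_negation(conf.return_value(['destination', 'address']))

        if conf.exists(['destination', 'port']):
            rule['dest_port'] = translate_negation(conf.return_value(['destination', 'port']))
# … unchanged: remaining nodes; source address / source port get the same call …
```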
@@ -137,13 +143,19 @@ def parse_source_destination(conf, source_dest):
 rule['protocol'] = conf.return_value(['protocol'])
 if conf.exists(['source', 'address']):
- rule['source_address'] = conf.return_value(['source', 'address'])
+ tmp = conf.return_value(['source', 'address'])
+ if tmp.startswith('!'):
+ tmp = tmp.replace('!', '!=')
+ rule['source_address'] = tmp
 if conf.exists(['source', 'prefix']):
 rule['source_prefix'] = conf.return_value(['source', 'prefix'])
 if conf.exists(['source', 'port']):
- rule['source_port'] = conf.return_value(['source', 'port'])
+ tmp = conf.return_value(['source', 'port'])
+ if tmp.startswith('!'):
+ tmp = tmp.replace('!', '!=')
+ rule['source_port'] = tmp
 if conf.exists(['translation', 'address']):
 rule['translation_address'] = conf.return_value(['translation', 'address'])
@@ -154,9 +166,9 @@ def parse_source_destination(conf, source_dest):
 if conf.exists(['translation', 'port']):
 rule['translation_port'] = conf.return_value(['translation', 'port'])
- tmp.append(rule)
+ ruleset.append(rule)
- return tmp
+ return ruleset
 def get_config():
 nat = deepcopy(default_config_data)
@@ -201,7 +213,7 @@ def get_config():
 # tree from the config - thus we do not need to replicate almost the
 # same code :-)
 for tgt in ['source', 'destination', 'nptv6']:
- nat[tgt] = parse_configuration(conf, tgt)
+ nat[tgt] = parse_configuration(conf, tgt)
 return nat |
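Review bot: `rule['source_prefix'] = conf.return_value(['source', 'prefix'])`, the unchanged line between the two rewritten branches of the `-137,13 +143,19` hunk, still stores the raw CLI value while source address and source port now translate a leading `!`. Whether the CLI accepts a negated prefix is not visible on this page; if it does, such a rule would keep failing the way the address case did, and if it does not, a comment such as `# source prefix: negation not accepted by the CLI, stored as-is` would record why it is handled differently. As far as the test commands in the commit message show, only destination address negation was exercised, so the source-side and port branches would benefit from an explicit test as well. The enclosing function starts and ends outside this hunk.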