T4758: Fix conflicts op-mode-standardized

1 files changed, 12 insertions, 0 deletions

diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 8b1a5a720..978c043e9 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -146,6 +146,10 @@ def verify(nat):
             if config['outbound_interface'] not in 'any' and config['outbound_interface'] not in interfaces():
                 Warning(f'rule "{rule}" interface "{config["outbound_interface"]}" does not exist on this system')
 
+            if not dict_search('translation.address', config) and not dict_search('translation.port', config):
+                if 'exclude' not in config:
+                    raise ConfigError(f'{err_msg} translation requires address and/or port')
+
             addr = dict_search('translation.address', config)
             if addr != None and addr != 'masquerade' and not is_ip_network(addr):
                 for ip in addr.split('-'):
@@ -166,6 +170,10 @@ def verify(nat):
             elif config['inbound_interface'] not in 'any' and config['inbound_interface'] not in interfaces():
                 Warning(f'rule "{rule}" interface "{config["inbound_interface"]}" does not exist on this system')
 
+            if not dict_search('translation.address', config) and not dict_search('translation.port', config):
+                if 'exclude' not in config:
+                    raise ConfigError(f'{err_msg} translation requires address and/or port')
+
             # common rule verification
             verify_rule(config, err_msg)
 
@@ -204,6 +212,10 @@ def apply(nat):
     cmd(f'nft -f {nftables_nat_config}')
     cmd(f'nft -f {nftables_static_nat_conf}')
 
+    if not nat or 'deleted' in nat:
+        os.unlink(nftables_nat_config)
+        os.unlink(nftables_static_nat_conf)
+
     return None
 
 if __name__ == '__main__':