diff options
| author | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-07-28 20:29:01 +0000 |
|---|---|---|
| committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-07-31 12:47:13 +0000 |
| commit | b7825f1f2b9b3ff7d25e8e072d60db7b70fa250a (patch) | |
| tree | 9d199fbc4d1f5b31a81f3ec1a68fc6d8dfc0f27d /src/conf_mode/nat.py | |
| parent | 26af45a61bbe8b219b57127a869e723b11886522 (diff) | |
| download | vyos-1x-b7825f1f2b9b3ff7d25e8e072d60db7b70fa250a.tar.gz vyos-1x-b7825f1f2b9b3ff7d25e8e072d60db7b70fa250a.zip | |
T5014: nat: add source and destination nat options for configuring load balance within a single rule.
Diffstat (limited to 'src/conf_mode/nat.py')
| -rwxr-xr-x | src/conf_mode/nat.py | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py index 5f4b658f8..dea833cf1 100755 --- a/src/conf_mode/nat.py +++ b/src/conf_mode/nat.py @@ -125,6 +125,18 @@ def verify_rule(config, err_msg, groups_dict): if config['protocol'] not in ['tcp', 'udp', 'tcp_udp']: raise ConfigError('Protocol must be tcp, udp, or tcp_udp when specifying a port-group') + if 'balance' in config: + for item in ['source-port', 'destination-port']: + if item in config['balance']['hash'] and config['protocol'] not in ['tcp', 'udp']: + raise ConfigError('Protocol must be tcp or udp when specifying hash ports') + count = 0 + if 'member' in config['balance']: + for member in config['balance']['member']: + weight = config['balance']['member'][member]['weight'] + count = count + int(weight) + if count != 100: + Warning(f'Sum of weight for nat balance rule is not 100. You may get unexpected behaviour') + def get_config(config=None): if config: conf = config @@ -198,7 +210,7 @@ def verify(nat): Warning(f'rule "{rule}" interface "{config["outbound_interface"]}" does not exist on this system') if not dict_search('translation.address', config) and not dict_search('translation.port', config): - if 'exclude' not in config: + if 'exclude' not in config and 'member' not in config['balance']: raise ConfigError(f'{err_msg} translation requires address and/or port') addr = dict_search('translation.address', config) @@ -222,7 +234,7 @@ def verify(nat): Warning(f'rule "{rule}" interface "{config["inbound_interface"]}" does not exist on this system') if not dict_search('translation.address', config) and not dict_search('translation.port', config): - if 'exclude' not in config: + if 'exclude' not in config and 'member' not in config['balance']: raise ConfigError(f'{err_msg} translation requires address and/or port') # common rule verification |