summaryrefslogtreecommitdiff
path: root/src/conf_mode/nat66.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-09-22 07:58:28 +0200
committerGitHub <noreply@github.com>2022-09-22 07:58:28 +0200
commit7ba1f6444d1b7a8d25715623daf75f81521d9667 (patch)
tree8c391027eef25ae4ffc7e18be291c6df402937e6 /src/conf_mode/nat66.py
parentf3e6fb5aab6f562dab49f559f31c58c0f86c03df (diff)
parentc6bbe051574acf5ca1501e631d73ac06bdb17b30 (diff)
downloadvyos-1x-7ba1f6444d1b7a8d25715623daf75f81521d9667.tar.gz
vyos-1x-7ba1f6444d1b7a8d25715623daf75f81521d9667.zip
Merge pull request #1552 from sarthurdev/nat_refactor
nat: nat66: T4605: T4706: Refactor NAT/NAT66 and use new table name
Diffstat (limited to 'src/conf_mode/nat66.py')
-rwxr-xr-xsrc/conf_mode/nat66.py11
1 files changed, 7 insertions, 4 deletions
diff --git a/src/conf_mode/nat66.py b/src/conf_mode/nat66.py
index f64102d88..d8f913b0c 100755
--- a/src/conf_mode/nat66.py
+++ b/src/conf_mode/nat66.py
@@ -36,7 +36,7 @@ airbag.enable()
k_mod = ['nft_nat', 'nft_chain_nat']
-nftables_nat66_config = '/tmp/vyos-nat66-rules.nft'
+nftables_nat66_config = '/run/nftables_nat66.nft'
ndppd_config = '/run/ndppd/ndppd.conf'
def get_handler(json, chain, target):
@@ -147,6 +147,9 @@ def verify(nat):
return None
def generate(nat):
+ if not os.path.exists(nftables_nat66_config):
+ nat['first_install'] = True
+
render(nftables_nat66_config, 'firewall/nftables-nat66.j2', nat, permission=0o755)
render(ndppd_config, 'ndppd/ndppd.conf.j2', nat, permission=0o755)
return None
@@ -154,15 +157,15 @@ def generate(nat):
def apply(nat):
if not nat:
return None
- cmd(f'{nftables_nat66_config}')
+
+ cmd(f'nft -f {nftables_nat66_config}')
+
if 'deleted' in nat or not dict_search('source.rule', nat):
cmd('systemctl stop ndppd')
if os.path.isfile(ndppd_config):
os.unlink(ndppd_config)
else:
cmd('systemctl restart ndppd')
- if os.path.isfile(nftables_nat66_config):
- os.unlink(nftables_nat66_config)
return None