diff options
| author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-12-23 13:21:43 +0000 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2023-12-24 10:11:39 +0000 |
| commit | cd3cfd2ad5c3201b0a1f9acc283ba2631420e723 (patch) | |
| tree | f11ccdf29a76cb6944fb51f59a8cf5b3d42925e9 /src/conf_mode | |
| parent | 04e24e89623620466b56b432c36f727768e5dcb7 (diff) | |
| download | vyos-1x-cd3cfd2ad5c3201b0a1f9acc283ba2631420e723.tar.gz vyos-1x-cd3cfd2ad5c3201b0a1f9acc283ba2631420e723.zip | |
T160: NAT64 add match firewall mark feature
Match mark allows to use firewall marks of packet to use
a specific pool
Example of instance config /run/jool/instance-100.json
```
...
"pool4": [
{
"protocol": "TCP",
"prefix": "192.0.2.10",
"port range": "1-65535",
"mark": 23
},
...
```
(cherry picked from commit 8e1e79cfa24c155c8d504822fbbd3c20f890fb70)
Diffstat (limited to 'src/conf_mode')
| -rwxr-xr-x | src/conf_mode/nat64.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/conf_mode/nat64.py b/src/conf_mode/nat64.py index a8b90fb11..6026c61d0 100755 --- a/src/conf_mode/nat64.py +++ b/src/conf_mode/nat64.py @@ -148,6 +148,11 @@ def generate(nat64) -> None: if dict_search("translation.pool", instance): pool4 = [] + # mark + mark = '' + if dict_search("match.mark", instance): + mark = instance["match"]["mark"] + for pool in instance["translation"]["pool"].values(): if "disable" in pool: continue @@ -159,6 +164,8 @@ def generate(nat64) -> None: "prefix": pool["address"], "port range": pool["port"], } + if mark: + obj["mark"] = int(mark) if "description" in pool: obj["comment"] = pool["description"] |