summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-08-28 21:14:00 +0200
committerChristian Poessinger <christian@poessinger.com>2020-08-28 21:15:00 +0200
commit0831c666891506d26cf6b4730c88c2e900121d6a (patch)
tree2912d0c6c806a84feff5ff14421c5432fba7bb41 /src/conf_mode
parentc29ed43a720f0205dbafa26a0048076bba9d7333 (diff)
downloadvyos-1x-0831c666891506d26cf6b4730c88c2e900121d6a.tar.gz
vyos-1x-0831c666891506d26cf6b4730c88c2e900121d6a.zip
nat: T2813: translation address is mandatory if rule is not excluded
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/nat.py5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index dd34dfd66..97cd36223 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -232,6 +232,8 @@ def verify(nat):
addr = rule['translation_address']
if addr != 'masquerade' and not is_addr_assigned(addr):
print(f'Warning: IP address {addr} does not exist on the system!')
+ elif not rule['exclude']:
+ raise ConfigError(f'{err_msg} translation address not specified')
# common rule verification
verify_rule(rule, err_msg)
@@ -246,6 +248,9 @@ def verify(nat):
if not rule['interface_in']:
raise ConfigError(f'{err_msg} inbound-interface not specified')
+ if not rule['translation_address'] and not rule['exclude']:
+ raise ConfigError(f'{err_msg} translation address not specified')
+
# common rule verification
verify_rule(rule, err_msg)