Merge pull request #791 from jack9603301/T3435

nat: op-mode: T3435: Filter extra rules that should not be processed

1 files changed, 20 insertions, 0 deletions

diff --git a/src/op_mode/show_nat_rules.py b/src/op_mode/show_nat_rules.py
index a98fbef8c..68cff61c8 100755
--- a/src/op_mode/show_nat_rules.py
+++ b/src/op_mode/show_nat_rules.py
@@ -40,7 +40,27 @@ if args.source or args.destination:
     data_json = jmespath.search('nftables[?rule].rule[?chain]', tmp)
     for idx in range(0, len(data_json)):
         data = data_json[idx]
+        
+        # The following key values must exist
+        # When the rule JSON does not have some keys, this is not a rule we can work with
+        continue_rule = False
+        for key in ['comment', 'chain', 'expr']:
+            if key not in data:
+                continue_rule = True
+                continue
+        if continue_rule:
+            continue
+        
         comment = data['comment']
+        
+        # Check the annotation to see if the annotation format is created by VYOS
+        continue_rule = True
+        for comment_prefix in ['SRC-NAT-', 'DST-NAT-']:
+            if comment_prefix in comment:
+                continue_rule = False
+        if continue_rule:
+            continue
+        
         rule = int(''.join(list(filter(str.isdigit, comment))))
         chain = data['chain']
         if not (args.source and chain == 'POSTROUTING') or (not args.source and chain == 'PREROUTING'):