summaryrefslogtreecommitdiff
path: root/src/op_mode/show_nat_rules.py
diff options
context:
space:
mode:
authorjack9603301 <jack9603301@163.com>2021-03-26 19:00:13 +0800
committerjack9603301 <jack9603301@163.com>2021-04-04 17:44:37 +0800
commit6dcdb233eae6a909d2899a5f3d8dc5791a846745 (patch)
treeed05e1cf98a0ea8a829fe0aa4b3ef53ae06ca240 /src/op_mode/show_nat_rules.py
parent6330708f7ad50e56b16e1c7bc671eaddcd758bdb (diff)
downloadvyos-1x-6dcdb233eae6a909d2899a5f3d8dc5791a846745.tar.gz
vyos-1x-6dcdb233eae6a909d2899a5f3d8dc5791a846745.zip
nat: op-mode: T3435: Filter extra rules that should not be processed
Diffstat (limited to 'src/op_mode/show_nat_rules.py')
-rwxr-xr-xsrc/op_mode/show_nat_rules.py10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/op_mode/show_nat_rules.py b/src/op_mode/show_nat_rules.py
index a98fbef8c..4bf9ff3b5 100755
--- a/src/op_mode/show_nat_rules.py
+++ b/src/op_mode/show_nat_rules.py
@@ -40,6 +40,16 @@ if args.source or args.destination:
data_json = jmespath.search('nftables[?rule].rule[?chain]', tmp)
for idx in range(0, len(data_json)):
data = data_json[idx]
+
+ # If there is no index 3, we don't think this is the record we need to check
+ if len(data['expr']) <= 3:
+ continue
+
+ # The following key values must exist
+ for keys in ['comment', 'chain', 'expr']:
+ if keys not in data:
+ continue
+
comment = data['comment']
rule = int(''.join(list(filter(str.isdigit, comment))))
chain = data['chain']