author | Christian Poessinger <christian@poessinger.com> | 2020-05-11 19:32:32 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-05-16 15:30:26 +0200 |
commit | fda762065c03d55c05682bf9834354c0edca3e97 (patch) | |
tree | 7d58b5a65f40aac1c2df74128e15fbc018ab322f /src | |
parent | 1c6ae6f7e7cf30d9598d2886bb3d2c34685a2c8c (diff) | |
nat: T2198: implement deletion of NAT subsystem
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/nat.py | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 128e2469c..916f63f09 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -27,11 +27,12 @@ from vyos.util import call, cmd from vyos import ConfigError
 default_config_data = {
- 'prerouting_ct_helper': '',
- 'prerouting_ct_conntrack': '',
- 'output_ct_helper': '',
- 'output_ct_conntrack': '',
+ 'deleted': False,
 'destination': [],
+ 'pre_ct_helper': '',
+ 'pre_ct_conntrack': '',
+ 'out_ct_helper': '',
+ 'out_ct_conntrack': '',
 'source': []
 }
@@ -139,11 +140,21 @@ def parse_source_destination(conf, source_dest):
 def get_config():
 nat = deepcopy(default_config_data)
 conf = Config()
+
 if not conf.exists(['nat']):
- return None
+ # Retrieve current table handler positions
+ nat['pre_ct_ignore'] = get_handler('PREROUTING', 'VYATTA_CT_HELPER')
+ nat['pre_ct_conntrack'] = get_handler('PREROUTING', 'NAT_CONNTRACK')
+ nat['out_ct_ignore'] = get_handler('OUTPUT', 'VYATTA_CT_HELPER')
+ nat['out_ct_conntrack'] = get_handler('OUTPUT', 'NAT_CONNTRACK')
+
+ nat['deleted'] = True
+
+ return nat
 else:
 conf.set_level(['nat'])
+ # Retrieve current table handler positions
 nat['pre_ct_ignore'] = get_handler('PREROUTING', 'VYATTA_CT_IGNORE')
 nat['pre_ct_conntrack'] = get_handler('PREROUTING', 'VYATTA_CT_PREROUTING_HOOK')
 nat['out_ct_ignore'] = get_handler('OUTPUT', 'VYATTA_CT_IGNORE')
@@ -158,7 +169,8 @@ def get_config():
 return nat
 def verify(nat):
- if not nat:
+ if nat['deleted']:
+ # no need to verify the CLI as NAT is going to be deactivated
 return None
 if not (nat['pre_ct_ignore'] or nat['pre_ct_conntrack'] or nat['out_ct_ignore'] or nat['out_ct_conntrack']):
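Review bot: The renamed defaults in `default_config_data` do not match the keys the rest of this commit uses. The dict now declares `pre_ct_helper` and `out_ct_helper`, while `get_config()` fills and `verify()` reads `pre_ct_ignore` and `out_ct_ignore`, so the `*_helper` entries stay empty strings that nothing visible here consumes and the `*_ignore` keys have no default. I would rename the two defaults to `'pre_ct_ignore': ''` and `'out_ct_ignore': ''` so the dict documents the schema that is actually handed to the template. The template is not part of this diff, so confirm which names it references before renaming.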
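Review bot: Nothing validates the handles collected in the new delete branch of `get_config()`, because `verify()` in the following hunk returns as soon as `nat['deleted']` is set. If `get_handler()` comes back empty for `VYATTA_CT_HELPER` or `NAT_CONNTRACK`, for instance when the node is deleted without NAT ever having been applied, the rule script would presumably be rendered with empty handles and executed anyway; `get_handler()` and the template are outside this diff, so that needs confirming. The branch also stores the `VYATTA_CT_HELPER` handle under the key `pre_ct_ignore`, which the else branch uses for `VYATTA_CT_IGNORE`; a comment along the lines of `# on delete, look up the rules that were installed while NAT was active` would explain the different chain targets, if that is the intent. `get_config()` continues past the end of the hunk.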
@@ -172,18 +184,13 @@ def verify(nat):
 return None
 def generate(nat):
- if not nat:
- return None
-
 render(iptables_nat_config, 'firewall/nftables-nat.tmpl', nat, trim_blocks=True, permission=0o755)
 return None
 def apply(nat):
- if not nat:
- return None
+ cmd(f'{iptables_nat_config}')
- call(f'{iptables_nat_config}')
 return None
 if __name__ == '__main__': |
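Review bot: The script that `apply()` now executes on every commit, deletion included, is still rendered with `permission=0o755`, which is broader than a file needs when only this script writes and runs it; `permission=0o700` would be enough. Where `iptables_nat_config` points is defined outside this hunk, and if it sits in a shared temporary directory the write-then-execute sequence deserves a closer look. The f-string wrapper adds nothing, so `cmd(iptables_nat_config)` is the plainer call. How `cmd()` differs from `call()` on a non-zero exit is defined in `vyos.util` and not shown here, so a one-line comment in `apply()` stating which failure behaviour it relies on would help the next reader.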