diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-08-28 21:14:00 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-08-28 21:15:00 +0200 |
commit | 0831c666891506d26cf6b4730c88c2e900121d6a (patch) | |
tree | 2912d0c6c806a84feff5ff14421c5432fba7bb41 /src | |
parent | c29ed43a720f0205dbafa26a0048076bba9d7333 (diff) | |
download | vyos-1x-0831c666891506d26cf6b4730c88c2e900121d6a.tar.gz vyos-1x-0831c666891506d26cf6b4730c88c2e900121d6a.zip |
nat: T2813: translation address is mandatory if rule is not excluded
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/nat.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py index dd34dfd66..97cd36223 100755 --- a/src/conf_mode/nat.py +++ b/src/conf_mode/nat.py @@ -232,6 +232,8 @@ def verify(nat): addr = rule['translation_address'] if addr != 'masquerade' and not is_addr_assigned(addr): print(f'Warning: IP address {addr} does not exist on the system!') + elif not rule['exclude']: + raise ConfigError(f'{err_msg} translation address not specified') # common rule verification verify_rule(rule, err_msg) @@ -246,6 +248,9 @@ def verify(nat): if not rule['interface_in']: raise ConfigError(f'{err_msg} inbound-interface not specified') + if not rule['translation_address'] and not rule['exclude']: + raise ConfigError(f'{err_msg} translation address not specified') + # common rule verification verify_rule(rule, err_msg) |