author | Ginko <152240782+Giggum@users.noreply.github.com> | 2024-05-29 14:27:22 -0400 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-05-29 18:29:00 +0000 |
commit | 33c987bf43ad27d7b0a7fd68dbcefa96b1e7b102 (patch) | |
tree | 5dde08e4a72cd9a6906a09fc9a0ac837f1b43331 /src | |
parent | 0bada0f998c551f1b53686de3e93a6de8fd84d37 (diff) | |
download | vyos-1x-33c987bf43ad27d7b0a7fd68dbcefa96b1e7b102.tar.gz vyos-1x-33c987bf43ad27d7b0a7fd68dbcefa96b1e7b102.zip |
nat: T6371: fix op mode display of configured ports when comma separated list of ports/ranges exists
Before: Issuing the op mode command "show nat source rules" will throw an
exception if the user has configured NAT rules using a list of ports as a
comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was
no handling for the "!" rule and so '!53' would display as '53'.
With this PR: Introduced iteration to capture all configured ports and append
to the appropriate string for display to the user as well as handling of '!' if
present in user's configuration.
(cherry picked from commit b7595ee9d328778105c70e3d4399ac45f555b304)
Diffstat (limited to 'src')
-rwxr-xr-x | src/op_mode/nat.py | 33 |
1 files changed, 19 insertions, 14 deletions
diff --git a/src/op_mode/nat.py b/src/op_mode/nat.py
index 4ab524fb7..16a545cda 100755
--- a/src/op_mode/nat.py
+++ b/src/op_mode/nat.py
@@ -99,6 +99,23 @@ def _get_raw_translation(direction, family, address=None):
 def _get_formatted_output_rules(data, direction, family):
+ def _get_ports_for_output(my_dict):
+ # Get and insert all configured ports or port ranges into output string
+ for index, port in enumerate(my_dict['set']):
+ if 'range' in str(my_dict['set'][index]):
+ output = my_dict['set'][index]['range']
+ output = '-'.join(map(str, output))
+ else:
+ output = str(port)
+ if index == 0:
+ output = str(output)
+ else:
+ output = ','.join([output,output])
+ # Handle case where configured ports are a negated list
+ if my_dict['op'] == '!=':
+ output = '!' + output
+ return(output)
+
 # Add default values before loop
 sport, dport, proto = 'any', 'any', 'any'
 saddr = '::/0' if family == 'inet6' else '0.0.0.0/0'
@@ -126,21 +143,9 @@ def _get_formatted_output_rules(data, direction, family):
 elif my_dict['field'] == 'daddr':
 daddr = f'{op}{my_dict["prefix"]["addr"]}/{my_dict["prefix"]["len"]}'
 elif my_dict['field'] == 'sport':
- # Port range or single port
- if jmespath.search('set[*].range', my_dict):
- sport = my_dict['set'][0]['range']
- sport = '-'.join(map(str, sport))
- else:
- sport = my_dict.get('set')
- sport = ','.join(map(str, sport))
+ sport = _get_ports_for_output(my_dict)
 elif my_dict['field'] == 'dport':
- # Port range or single port
- if jmespath.search('set[*].range', my_dict):
- dport = my_dict["set"][0]["range"]
- dport = '-'.join(map(str, dport))
- else:
- dport = my_dict.get('set')
- dport = ','.join(map(str, dport))
+ dport = _get_ports_for_output(my_dict)
 else:
 field = jmespath.search('left.payload.field', match)
 if field == 'saddr': |
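Review bot: In `_get_ports_for_output`, `output` is overwritten with the current element on every pass and then joined with itself by `','.join([output,output])`, so nothing accumulates: a constructed set of 22, 80 and 443 would display as `443,443`. Both call sites in the second hunk (`sport` and `dport`) inherit this, and since this listing is what an operator reads to check which ports a NAT rule matches, it should agree with the installed ruleset. Two smaller points in the same helper: `'range' in str(...)` is a substring test on the element's string form rather than a key check, and `output` appears to be unbound if `my_dict['set']` is empty. Collecting the parts in a list and joining once, as sketched below, covers all three. Indentation is lost on this page, so the loop nesting is inferred, and `_get_formatted_output_rules` continues outside the hunk.

```python
    def _get_ports_for_output(my_dict):
        # Collect every configured port or port range, then join once
        ports = []
        for port in my_dict['set']:
            if isinstance(port, dict) and 'range' in port:
                ports.append('-'.join(map(str, port['range'])))
            else:
                ports.append(str(port))
        output = ','.join(ports)
        # … unchanged: '!' prefix when my_dict['op'] == '!=' …
        return output
```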