authorChristian Poessinger <christian@poessinger.com>2022-10-26 16:57:51 +0200
committerGitHub <noreply@github.com>2022-10-26 16:57:51 +0200
commita61e1a78fe116bb44fe55be3493de7c4dbe8db97 (patch)
treefcc18784759f8b75ca51dbc2fd253140059cdaa4 /src
parent2e3e25514004f11d2238793752536fbc43f4bbf4 (diff)
parent16207f7a8ffdbc93fcfcc4b6ba783940a1e40e33 (diff)
downloadvyos-1x-a61e1a78fe116bb44fe55be3493de7c4dbe8db97.tar.gz
vyos-1x-a61e1a78fe116bb44fe55be3493de7c4dbe8db97.zip
Merge pull request #1618 from sarthurdev/T4764
nat: T4764: Remove NAT tables on node deletion
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/nat.py12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 8b1a5a720..978c043e9 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -146,6 +146,10 @@ def verify(nat):
if config['outbound_interface'] not in 'any' and config['outbound_interface'] not in interfaces():
Warning(f'rule "{rule}" interface "{config["outbound_interface"]}" does not exist on this system')
+ if not dict_search('translation.address', config) and not dict_search('translation.port', config):
+ if 'exclude' not in config:
+ raise ConfigError(f'{err_msg} translation requires address and/or port')
+
addr = dict_search('translation.address', config)
if addr != None and addr != 'masquerade' and not is_ip_network(addr):
for ip in addr.split('-'):
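Review bot: The same four-line translation check is added verbatim to the source-rule loop here and to the destination-rule loop in the next hunk (`@@ -166,6 +170,10`), so the two copies can drift apart and leave one rule type less strictly validated. It would sit better in one place, for example inside `verify_rule(config, err_msg)`, which the second hunk shows being called for common rule verification; whether the source loop also calls it is not visible here. The nested `if` can be flattened to `if 'exclude' not in config and not (dict_search('translation.address', config) or dict_search('translation.port', config)):`. In this hunk the next context line looks up `translation.address` again, so the value could be fetched once and reused. The body of verify() starts and ends outside the hunk.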
@@ -166,6 +170,10 @@ def verify(nat):
elif config['inbound_interface'] not in 'any' and config['inbound_interface'] not in interfaces():
Warning(f'rule "{rule}" interface "{config["inbound_interface"]}" does not exist on this system')
+ if not dict_search('translation.address', config) and not dict_search('translation.port', config):
+ if 'exclude' not in config:
+ raise ConfigError(f'{err_msg} translation requires address and/or port')
+
# common rule verification
verify_rule(config, err_msg)
@@ -204,6 +212,10 @@ def apply(nat):
cmd(f'nft -f {nftables_nat_config}')
cmd(f'nft -f {nftables_static_nat_conf}')
+ if not nat or 'deleted' in nat:
+ os.unlink(nftables_nat_config)
+ os.unlink(nftables_static_nat_conf)
+
return None
if __name__ == '__main__':
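Review bot: The two `os.unlink()` calls added before `return None` are unguarded, so a missing file raises FileNotFoundError after the `nft -f` loads above have already changed the live ruleset. A failure on the first unlink also leaves the second file behind. Since this branch runs when the NAT node is deleted, a tolerant cleanup is safer: `for path in (nftables_nat_config, nftables_static_nat_conf):` followed by `if os.path.exists(path): os.unlink(path)`. The hunk only removes the files, so table removal presumably relies on the loaded files containing the delete statements, which are rendered outside the hunk. It is worth confirming that a deleted node ends with no NAT rules left in the kernel, not just with the files gone. Whether `os` is imported in nat.py is not visible here, and apply() starts outside the hunk.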