3 files changed, 32 insertions, 1 deletions

diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i
index 8f2029388..7b3b8804e 100644
--- a/interface-definitions/include/nat-rule.xml.i
+++ b/interface-definitions/include/nat-rule.xml.i
@@ -31,6 +31,33 @@
         <valueless/>
       </properties>
     </leafNode>
+    <leafNode name="packet-type">
+      <properties>
+        <help>Packet type</help>
+        <completionHelp>
+          <list>broadcast host multicast other</list>
+        </completionHelp>
+        <valueHelp>
+          <format>broadcast</format>
+          <description>Match broadcast packet type</description>
+        </valueHelp>
+        <valueHelp>
+          <format>host</format>
+          <description>Match host packet type, addressed to local host</description>
+        </valueHelp>
+        <valueHelp>
+          <format>multicast</format>
+          <description>Match multicast packet type</description>
+        </valueHelp>
+        <valueHelp>
+          <format>other</format>
+          <description>Match packet addressed to another host</description>
+        </valueHelp>
+        <constraint>
+          <regex>(broadcast|host|multicast|other)</regex>
+        </constraint>
+      </properties>
+    </leafNode>
     <leafNode name="protocol">
       <properties>
         <help>Protocol to NAT</help>
diff --git a/python/vyos/nat.py b/python/vyos/nat.py
index 8a311045a..53fd7fb33 100644
--- a/python/vyos/nat.py
+++ b/python/vyos/nat.py
@@ -47,6 +47,9 @@ def parse_nat_rule(rule_conf, rule_id, nat_type, ipv6=False):
             protocol = '{ tcp, udp }'
         output.append(f'meta l4proto {protocol}')
 
+    if 'packet_type' in rule_conf:
+        output.append(f'pkttype ' + rule_conf['packet_type'])
+
     if 'exclude' in rule_conf:
         translation_str = 'return'
         log_suffix = '-EXCL'
diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py
index 9f4e3b831..1f2b777a8 100755
--- a/smoketest/scripts/cli/test_nat.py
+++ b/smoketest/scripts/cli/test_nat.py
@@ -194,12 +194,13 @@ class TestNAT(VyOSUnitTestSHIM.TestCase):
         self.cli_set(dst_path + ['rule', '1', 'inbound-interface', 'eth1'])
         self.cli_set(dst_path + ['rule', '1', 'destination', 'port', '443'])
         self.cli_set(dst_path + ['rule', '1', 'protocol', 'tcp'])
+        self.cli_set(dst_path + ['rule', '1', 'packet-type', 'host'])
         self.cli_set(dst_path + ['rule', '1', 'translation', 'port', '443'])
 
         self.cli_commit()
 
         nftables_search = [
-            ['iifname "eth1"', 'tcp dport 443', 'dnat to :443']
+            ['iifname "eth1"', 'tcp dport 443', 'pkttype host', 'dnat to :443']
         ]
 
         self.verify_nftables(nftables_search, 'ip vyos_nat')