diff options
-rwxr-xr-x | src/conf_mode/nat.py | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py index 8fd8272d2..4d739068f 100755 --- a/src/conf_mode/nat.py +++ b/src/conf_mode/nat.py @@ -64,6 +64,7 @@ def get_handler(json, chain, target): def verify_rule(rule, err_msg): + """ Common verify steps used for both source and destination NAT """ if rule['translation_port'] or rule['dest_port']: if rule['protocol'] not in ['tcp', 'udp', 'tcp_udp']: proto = rule['protocol'] @@ -75,6 +76,13 @@ def verify_rule(rule, err_msg): 'statically maps a whole network of addresses onto another\n' \ 'network of addresses') + if not rule['translation_address']: + raise ConfigError(f'{err_msg} translation address not specified') + else: + addr = rule['translation_address'] + if addr != 'masquerade' and not is_addr_assigned(addr): + print(f'Warning: IP address {addr} does not exist on the system!') + def parse_source_destination(conf, source_dest): """ Common wrapper to read in both NAT source and destination CLI """ @@ -209,13 +217,6 @@ def verify(nat): if not rule['interface_out']: raise ConfigError(f'{err_msg} outbound-interface not specified') - if not rule['translation_address']: - raise ConfigError(f'{err_msg} translation address not specified') - else: - addr = rule['translation_address'] - if addr != 'masquerade' and not is_addr_assigned(addr): - printf(f'Warning: IP address {addr} does not exist on the system!') - # common rule verification verify_rule(rule, err_msg) |