diff options
Diffstat (limited to 'data/templates/firewall/nftables-nat66.tmpl')
| -rw-r--r-- | data/templates/firewall/nftables-nat66.tmpl | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/data/templates/firewall/nftables-nat66.tmpl b/data/templates/firewall/nftables-nat66.tmpl index b1a8f7a16..cdaeaad6a 100644 --- a/data/templates/firewall/nftables-nat66.tmpl +++ b/data/templates/firewall/nftables-nat66.tmpl @@ -13,8 +13,20 @@ {% endif %} {% set trns_address = dnat_type + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %} {% elif chain == "POSTROUTING" %} +{% if config.translation is defined and config.translation.address is defined and config.translation.address is not none %} +{% if config.translation.address == 'masquerade' %} +{% set trns_address = config.translation.address %} +{% else %} +{% if config.translation.address | is_ip_network %} +{# support 1:1 network translation #} +{% set snat_type = "snat prefix to " %} +{% else %} +{% set snat_type = "snat to " %} +{% endif %} +{% set trns_address = snat_type + config.translation.address %} +{% endif %} +{% endif %} {% set interface = " oifname \"" + config.outbound_interface + "\"" if config.outbound_interface is defined else '' %} -{% set trns_prefix = "snat prefix to " + config.translation.prefix if config.translation is defined and config.translation.prefix is defined and config.translation.prefix is not none %} {% endif %} {% set comment = "NPT-NAT-" + rule %} {% if rule.log %} @@ -35,9 +47,6 @@ {% if dest_address %} {% set output = output + " " + dest_address %} {% endif %} -{% if trns_prefix %} -{% set output = output + " " + trns_prefix %} -{% endif %} {% if trns_address %} {% set output = output + " " + trns_address %} {% endif %} |