Diffstat (limited to 'data/templates/firewall')
-rw-r--r--data/templates/firewall/nftables-nat66.tmpl21
1 files changed, 0 insertions, 21 deletions
diff --git a/data/templates/firewall/nftables-nat66.tmpl b/data/templates/firewall/nftables-nat66.tmpl
index 45506ca09..b1a8f7a16 100644
--- a/data/templates/firewall/nftables-nat66.tmpl
+++ b/data/templates/firewall/nftables-nat66.tmpl
@@ -1,10 +1,8 @@
#!/usr/sbin/nft -f
{% macro nptv6_rule(rule,config, chain) %}
-
{% set src_prefix = "ip6 saddr " + config.source.prefix if config.source is defined and config.source.prefix is defined and config.source.prefix is not none %}
{% set dest_address = "ip6 daddr " + config.destination.address if config.destination is defined and config.destination.address is defined and config.destination.address is not none %}
-
{% if chain == "PREROUTING" %}
{% set interface = " iifname \"" + config.inbound_interface + "\"" if config.inbound_interface is defined and config.inbound_interface != 'any' else '' %}
{% if config.translation.address | is_ip_network %}
@@ -26,49 +24,35 @@
{% set output = "add rule ip6 nat " + chain + interface %}
{# Count packets #}
{% set output = output + " counter" %}
-
{# Special handling of log option, we must repeat the entire rule before the #}
{# NAT translation options are added, this is essential #}
{% if log %}
{% set log_output = output + " log prefix \"" + log + "\" comment \"" + comment + "\"" %}
{% endif %}
-
{% if src_prefix %}
{% set output = output + " " + src_prefix %}
{% endif %}
-
-
{% if dest_address %}
{% set output = output + " " + dest_address %}
{% endif %}
-
{% if trns_prefix %}
{% set output = output + " " + trns_prefix %}
{% endif %}
-
{% if trns_address %}
{% set output = output + " " + trns_address %}
{% endif %}
-
-
{% if comment %}
{% set output = output + " comment \"" + comment + "\"" %}
{% endif %}
-
{{ log_output if log_output }}
{{ output }}
{% endmacro %}
# Start with clean NAT table
flush table ip6 nat
-
{% if helper_functions == 'remove' %}
{# NAT if going to be disabled - remove rules and targets from nftables #}
-
-
-
{% set base_command = "delete rule ip6 raw" %}
-
{{base_command}} PREROUTING handle {{ pre_ct_conntrack }}
{{base_command}} OUTPUT handle {{ out_ct_conntrack }}
@@ -78,13 +62,9 @@ delete chain ip6 raw NAT_CONNTRACK
{# NAT if enabled - add targets to nftables #}
add chain ip6 raw NAT_CONNTRACK
add rule ip6 raw NAT_CONNTRACK counter accept
-
{% set base_command = "add rule ip6 raw" %}
-
-
{{ base_command }} PREROUTING position {{ pre_ct_conntrack }} counter jump NAT_CONNTRACK
{{ base_command }} OUTPUT position {{ out_ct_conntrack }} counter jump NAT_CONNTRACK
-
{% endif %}
#
@@ -95,7 +75,6 @@ add rule ip6 raw NAT_CONNTRACK counter accept
{{ nptv6_rule(rule, config, 'PREROUTING') }}
{% endfor %}
{% endif %}
-
#
# Source NAT66 rules build up here
#