1 files changed, 12 insertions, 21 deletions

diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index b0a029f2b..dd34dfd66 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -24,13 +24,17 @@ from netifaces import interfaces
 
 from vyos.config import Config
 from vyos.template import render
-from vyos.util import call, cmd
+from vyos.util import call
+from vyos.util import cmd
+from vyos.util import check_kmod
 from vyos.validate import is_addr_assigned
 from vyos import ConfigError
 
 from vyos import airbag
 airbag.enable()
 
+k_mod = ['nft_nat', 'nft_chain_nat_ipv4']
+
 default_config_data = {
     'deleted': False,
     'destination': [],
@@ -44,15 +48,6 @@ default_config_data = {
 
 iptables_nat_config = '/tmp/vyos-nat-rules.nft'
 
-def _check_kmod():
-    """ load required Kernel modules """
-    modules = ['nft_nat', 'nft_chain_nat_ipv4']
-    for module in modules:
-        if not os.path.exists(f'/sys/module/{module}'):
-            if call(f'modprobe {module}') != 0:
-                raise ConfigError(f'Loading Kernel module {module} failed')
-
-
 def get_handler(json, chain, target):
     """ Get nftable rule handler number of given chain/target combination.
     Handler is required when adding NAT/Conntrack helper targets """
@@ -79,9 +74,6 @@ def verify_rule(rule, err_msg):
                              'statically maps a whole network of addresses onto another\n' \
                              'network of addresses')
 
-    if not rule['translation_address']:
-        raise ConfigError(f'{err_msg} translation address not specified')
-
 
 def parse_configuration(conf, source_dest):
     """ Common wrapper to read in both NAT source and destination CLI """
@@ -228,10 +220,10 @@ def verify(nat):
 
     for rule in nat['source']:
         interface = rule['interface_out']
-        err_msg = f"Source NAT configuration error in rule {rule['number']}:"
+        err_msg = f'Source NAT configuration error in rule "{rule["number"]}":'
 
-        if interface and interface not in interfaces():
-            print(f'NAT configuration warning: interface {interface} does not exist on this system')
+        if interface and interface not in 'any' and interface not in interfaces():
+            print(f'Warning: rule "{rule["number"]}" interface "{interface}" does not exist on this system')
 
         if not rule['interface_out']:
             raise ConfigError(f'{err_msg} outbound-interface not specified')
@@ -246,10 +238,10 @@ def verify(nat):
 
     for rule in nat['destination']:
         interface = rule['interface_in']
-        err_msg = f"Destination NAT configuration error in rule {rule['number']}:"
+        err_msg = f'Destination NAT configuration error in rule "{rule["number"]}":'
 
-        if interface and interface not in interfaces():
-            print(f'NAT configuration warning: interface {interface} does not exist on this system')
+        if interface and interface not in 'any' and interface not in interfaces():
+            print(f'Warning: rule "{rule["number"]}" interface "{interface}" does not exist on this system')
 
         if not rule['interface_in']:
             raise ConfigError(f'{err_msg} inbound-interface not specified')
@@ -261,7 +253,6 @@ def verify(nat):
 
 def generate(nat):
     render(iptables_nat_config, 'firewall/nftables-nat.tmpl', nat, trim_blocks=True, permission=0o755)
-
     return None
 
 def apply(nat):
@@ -273,7 +264,7 @@ def apply(nat):
 
 if __name__ == '__main__':
     try:
-        _check_kmod()
+        check_kmod(k_mod)
         c = get_config()
         verify(c)
         generate(c)