summaryrefslogtreecommitdiff
path: root/src/conf_mode/nat.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/conf_mode/nat.py')
-rwxr-xr-xsrc/conf_mode/nat.py15
1 files changed, 8 insertions, 7 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 8fd8272d2..4d739068f 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -64,6 +64,7 @@ def get_handler(json, chain, target):
def verify_rule(rule, err_msg):
+ """ Common verify steps used for both source and destination NAT """
if rule['translation_port'] or rule['dest_port']:
if rule['protocol'] not in ['tcp', 'udp', 'tcp_udp']:
proto = rule['protocol']
@@ -75,6 +76,13 @@ def verify_rule(rule, err_msg):
'statically maps a whole network of addresses onto another\n' \
'network of addresses')
+ if not rule['translation_address']:
+ raise ConfigError(f'{err_msg} translation address not specified')
+ else:
+ addr = rule['translation_address']
+ if addr != 'masquerade' and not is_addr_assigned(addr):
+ print(f'Warning: IP address {addr} does not exist on the system!')
+
def parse_source_destination(conf, source_dest):
""" Common wrapper to read in both NAT source and destination CLI """
@@ -209,13 +217,6 @@ def verify(nat):
if not rule['interface_out']:
raise ConfigError(f'{err_msg} outbound-interface not specified')
- if not rule['translation_address']:
- raise ConfigError(f'{err_msg} translation address not specified')
- else:
- addr = rule['translation_address']
- if addr != 'masquerade' and not is_addr_assigned(addr):
- printf(f'Warning: IP address {addr} does not exist on the system!')
-
# common rule verification
verify_rule(rule, err_msg)