From b2ead2d037b860f0a6a12b177e70e5d698fd00e8 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Fri, 15 May 2020 21:19:18 +0200
Subject: nat: T2198: verify translation address for SNAT and DNAT
---
 src/conf_mode/nat.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 8fd8272d2..4d739068f 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -64,6 +64,7 @@ def get_handler(json, chain, target):
 def verify_rule(rule, err_msg):
+ """ Common verify steps used for both source and destination NAT """
 if rule['translation_port'] or rule['dest_port']:
 if rule['protocol'] not in ['tcp', 'udp', 'tcp_udp']:
 proto = rule['protocol']
@@ -75,6 +76,13 @@ def verify_rule(rule, err_msg):
 'statically maps a whole network of addresses onto another\n' \
 'network of addresses')
+ if not rule['translation_address']:
+ raise ConfigError(f'{err_msg} translation address not specified')
+ else:
+ addr = rule['translation_address']
+ if addr != 'masquerade' and not is_addr_assigned(addr):
+ print(f'Warning: IP address {addr} does not exist on the system!')
+
 def parse_source_destination(conf, source_dest):
 """ Common wrapper to read in both NAT source and destination CLI """
@@ -209,13 +217,6 @@ def verify(nat):
 if not rule['interface_out']:
 raise ConfigError(f'{err_msg} outbound-interface not specified')
- if not rule['translation_address']:
- raise ConfigError(f'{err_msg} translation address not specified')
- else:
- addr = rule['translation_address']
- if addr != 'masquerade' and not is_addr_assigned(addr):
- printf(f'Warning: IP address {addr} does not exist on the system!')
-
 # common rule verification
 verify_rule(rule, err_msg)
--
cgit v1.2.3
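Review bot: The `is_addr_assigned(addr)` warning added at the end of `verify_rule()` now appears to run for destination NAT too (per the new docstring and the commit subject), where the translation address is normally an internal host rather than an address on this router, so it would likely fire on most DNAT rules and teach operators to ignore it. The same branch also lets `masquerade` through as a DNAT translation address, although it presumably only has meaning for source NAT. Keeping only the `translation address not specified` check in the common helper and leaving the locality warning in the source-rule loop of `verify()` would avoid both, with a comment such as `# SNAT only: the translation address should be local to this system` to record the intent. The context lines just above mention mapping a whole network of addresses, so if a prefix or range can reach this check, `is_addr_assigned()` may need to be skipped for it as well; that cannot be confirmed from this hunk, since the body of `verify_rule()` starts outside it.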