From 3a9e7eafe53108c183cf1f9f2b475f1419236956 Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Fri, 5 Aug 2022 17:53:13 +0000
Subject: nat66: T4598: Add exclude options in nat66

---
 data/templates/firewall/nftables-nat66.j2 | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'data/templates/firewall/nftables-nat66.j2')

diff --git a/data/templates/firewall/nftables-nat66.j2 b/data/templates/firewall/nftables-nat66.j2
index ca19506f2..2fe04b4ff 100644
--- a/data/templates/firewall/nftables-nat66.j2
+++ b/data/templates/firewall/nftables-nat66.j2
@@ -63,6 +63,10 @@
 {% if dest_address is vyos_defined %}
 {%     set output = output ~ ' ' ~ dest_address %}
 {% endif %}
+{% if config.exclude is vyos_defined %}
+{#     rule has been marked as 'exclude' thus we simply return here #}
+{%     set trns_address = 'return' %}
+{% endif %}
 {% if trns_address is vyos_defined %}
 {%     set output = output ~ ' ' ~ trns_address %}
 {% endif %}
-- 
cgit v1.2.3