From 9eab0cdd0bbea0f899af5a7d68cc63523a12a703 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 1 May 2022 20:08:28 +0200
Subject: firewall: T4353: fix Jinja2 linting errors

---
 data/templates/firewall/nftables-nat66.tmpl | 102 ----------------------------
 1 file changed, 102 deletions(-)
 delete mode 100644 data/templates/firewall/nftables-nat66.tmpl

(limited to 'data/templates/firewall/nftables-nat66.tmpl')

diff --git a/data/templates/firewall/nftables-nat66.tmpl b/data/templates/firewall/nftables-nat66.tmpl
deleted file mode 100644
index ed98b888a..000000000
--- a/data/templates/firewall/nftables-nat66.tmpl
+++ /dev/null
@@ -1,102 +0,0 @@
-#!/usr/sbin/nft -f
-
-{% macro nptv6_rule(rule,config, chain) %}
-{%   set comment  = '' %}
-{%   set base_log = '' %}
-{%   set src_prefix  = 'ip6 saddr ' ~ config.source.prefix if config.source.prefix is vyos_defined %}
-{%   set dest_address  = 'ip6 daddr ' ~ config.destination.address if config.destination.address is vyos_defined %}
-{%   if chain is vyos_defined('PREROUTING') %}
-{%     set comment   = 'DST-NAT66-' ~ rule %}
-{%     set base_log  = '[NAT66-DST-' ~ rule %}
-{%     set interface = ' iifname "' ~ config.inbound_interface ~ '"' if config.inbound_interface is vyos_defined and config.inbound_interface is not vyos_defined('any') else '' %}
-{%     if config.translation.address | is_ip_network %}
-{#       support 1:1 network translation #}
-{%       set dnat_type = 'dnat prefix to ' %}
-{%     else   %}
-{%       set dnat_type = 'dnat to ' %}
-{%     endif %}
-{%     set trns_address = dnat_type ~ config.translation.address if config.translation.address is vyos_defined %}
-{%   elif chain is vyos_defined('POSTROUTING') %}
-{%     set comment   = 'SRC-NAT66-' ~ rule %}
-{%     set base_log  = '[NAT66-SRC-' ~ rule %}
-{%     if config.translation.address is vyos_defined %}
-{%         if config.translation.address is vyos_defined('masquerade') %}
-{%             set trns_address = config.translation.address %}
-{%         else %}
-{%             if config.translation.address | is_ip_network %}
-{#                 support 1:1 network translation #}
-{%                 set snat_type = 'snat prefix to ' %}
-{%             else   %}
-{%                 set snat_type = 'snat to ' %}
-{%             endif %}
-{%             set trns_address = snat_type ~ config.translation.address %}
-{%         endif %}
-{%     endif   %}
-{%     set interface = ' oifname "' ~ config.outbound_interface ~ '"' if config.outbound_interface is vyos_defined else '' %}
-{%   endif %}
-{%   if config.log is vyos_defined %}
-{%     if config.translation.address is vyos_defined('masquerade') %}
-{%       set log = base_log +'-MASQ]' %}
-{%     else %}
-{%       set log = base_log ~ ']' %}
-{%     endif %}
-{%   endif %}
-{%   set output = 'add rule ip6 nat ' ~ chain ~ interface %}
-{#   Count packets #}
-{%   set output = output ~ ' counter' %}
-{#   Special handling of log option, we must repeat the entire rule before the #}
-{#   NAT translation options are added, this is essential                      #}
-{%   if log is vyos_defined %}
-{%     set log_output = output ~ ' log prefix "' ~ log ~ '" comment "' ~ comment ~ '"' %}
-{%   endif %}
-{%   if src_prefix is vyos_defined %}
-{%     set output = output ~ ' ' ~ src_prefix %}
-{%   endif %}
-{%   if dest_address is vyos_defined %}
-{%     set output = output ~ ' ' ~ dest_address %}
-{%   endif %}
-{%   if trns_address is vyos_defined %}
-{%     set output = output ~ ' ' ~ trns_address %}
-{%   endif %}
-{%   if comment is vyos_defined %}
-{%     set output = output ~ ' comment "' ~ comment ~ '"' %}
-{%   endif %}
-{{ log_output if log_output is vyos_defined }}
-{{ output }}
-{% endmacro %}
-
-# Start with clean NAT table
-flush table ip6 nat
-{% if helper_functions is vyos_defined('remove') %}
-{# NAT if going to be disabled - remove rules and targets from nftables #}
-{%   set base_command = 'delete rule ip6 raw' %}
-{{base_command}} PREROUTING handle {{ pre_ct_conntrack }}
-{{base_command}} OUTPUT handle {{ out_ct_conntrack }}
-
-delete chain ip6 raw NAT_CONNTRACK
-
-{% elif helper_functions is vyos_defined('add') %}
-{# NAT if enabled - add targets to nftables #}
-add chain ip6 raw NAT_CONNTRACK
-add rule ip6 raw NAT_CONNTRACK counter accept
-{%   set base_command = 'add rule ip6 raw' %}
-{{ base_command }} PREROUTING position {{ pre_ct_conntrack }} counter jump NAT_CONNTRACK
-{{ base_command }} OUTPUT     position {{ out_ct_conntrack }} counter jump NAT_CONNTRACK
-{% endif %}
-
-#
-# Destination NAT66 rules build up here
-#
-{% if destination.rule is vyos_defined %}
-{%   for rule, config in destination.rule.items() if config.disable is not vyos_defined %}
-{{ nptv6_rule(rule, config, 'PREROUTING') }}
-{%   endfor %}
-{% endif %}
-#
-# Source NAT66 rules build up here
-#
-{% if source.rule is vyos_defined %}
-{%   for rule, config in source.rule.items() if config.disable is not vyos_defined %}
-{{ nptv6_rule(rule, config, 'POSTROUTING') }}
-{%   endfor %}
-{% endif %}
-- 
cgit v1.2.3