From 166d44b32813c9dd64c3857beaf5eac8382b2d6d Mon Sep 17 00:00:00 2001 From: Igor Melnyk Date: Sat, 26 Jun 2021 10:48:54 +0300 Subject: nat: T1083: add translation options for persistent/random mapping of address and port Tested using: set destination rule 100 inbound-interface 'eth0' set destination rule 100 translation address '19.13.23.42' set destination rule 100 translation options address-mapping 'random' set destination rule 100 translation options port-mapping 'none' set source rule 1000 outbound-interface 'eth0' set source rule 1000 translation address '122.233.231.12' set source rule 1000 translation options address-mapping 'persistent' set source rule 1000 translation options port-mapping 'fully-random' --- data/templates/firewall/nftables-nat.tmpl | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'data') diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl index b80fc1968..e2776e9c2 100644 --- a/data/templates/firewall/nftables-nat.tmpl +++ b/data/templates/firewall/nftables-nat.tmpl @@ -73,6 +73,26 @@ {% set trns_addr = 'return' %} {% set trns_port = '' %} {% endif %} +{# T1083: NAT address and port translation options #} +{% if config.translation.options is defined and config.translation.options is not none %} +{% if config.translation.options.address_mapping is defined and config.translation.options.address_mapping == "persistent" %} +{% set trns_opts_addr = 'persistent' %} +{% endif %} +{% if config.translation.options.port_mapping is defined %} +{% if config.translation.options.port_mapping == "random" %} +{% set trns_opts_port = 'random' %} +{% elif config.translation.options.port_mapping == "fully-random" %} +{% set trns_opts_port = 'fully-random' %} +{% endif %} +{% endif %} +{% endif %} +{% if trns_opts_addr and trns_opts_port %} +{% set trns_opts = trns_opts_addr + ',' + trns_opts_port %} +{% elif trns_opts_addr %} +{% set trns_opts = trns_opts_addr %} +{% elif trns_opts_port %} +{% set trns_opts = trns_opts_port %} +{% endif %} {% set output = 'add rule ip nat ' + chain + interface %} {% if protocol != 'all' %} {% set output = output + ' ip protocol ' + protocol %} @@ -104,6 +124,9 @@ {# e.g. 192.0.2.10:3389 #} {% set output = output + trns_port %} {% endif %} +{% if trns_opts %} +{% set output = output + ' ' + trns_opts %} +{% endif %} {% if comment %} {% set output = output + ' comment "' + comment + '"' %} {% endif %} -- cgit v1.2.3