From 65acae4868363117697ccefff10d0ef12fae9da4 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 5 Oct 2020 18:42:07 +0200
Subject: nat: T2951: use proper comments for source/destination logging

For both source and destination NAT always the LOG name contained DST - which
is definately false. This has been corrected to use SRC and DST on the
appropriate rules.
---
 data/templates/firewall/nftables-nat.tmpl | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'data')

diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl
index 0c29f536b..286c21859 100644
--- a/data/templates/firewall/nftables-nat.tmpl
+++ b/data/templates/firewall/nftables-nat.tmpl
@@ -28,6 +28,9 @@ add rule ip raw NAT_CONNTRACK counter accept
 {% endif %}
 
 {% macro nat_rule(rule, chain) %}
+{%   set comment  = "" %}
+{%   set base_log = "" %}
+
 {%   set src_addr  = "ip saddr " + rule.source_address if rule.source_address %}
 {%   set dst_addr  = "ip daddr " + rule.dest_address if rule.dest_address %}
 
@@ -45,13 +48,15 @@ add rule ip raw NAT_CONNTRACK counter accept
 {%     set dst_port  = "dport { " + rule.dest_port +" }" if rule.dest_port %}
 {%   endif %}
 
-{%   set comment   = "DST-NAT-" + rule.number %}
-
 {%   if chain == "PREROUTING" %}
+{%     set comment   = "DST-NAT-" + rule.number %}
+{%     set base_log  = "[NAT-DST-" + rule.number %}
 {%     set interface = " iifname \"" + rule.interface_in + "\"" if rule.interface_in is defined and rule.interface_in != 'any' else '' %}
 {%     set trns_addr = "dnat to " + rule.translation_address %}
 
 {%   elif chain == "POSTROUTING" %}
+{%     set comment   = "SRC-NAT-" + rule.number %}
+{%     set base_log  = "[NAT-SRC-" + rule.number %}
 {%     set interface = " oifname \"" + rule.interface_out + "\"" if rule.interface_out is defined and rule.interface_out != 'any' else '' %}
 {%     if rule.translation_address == 'masquerade' %}
 {%       set trns_addr = rule.translation_address %}
@@ -72,7 +77,6 @@ add rule ip raw NAT_CONNTRACK counter accept
 {%   endif %}
 
 {%   if rule.log %}
-{%     set base_log = "[NAT-DST-" + rule.number %}
 {%     if rule.exclude %}
 {%       set log = base_log + "-EXCL]" %}
 {%     elif rule.translation_address == 'masquerade' %}
-- 
cgit v1.2.3