feat(nat): Allow unspecified NAT protocols

8 months ago · eb3865cb23
parent d76b0d2bb4
commit eb3865cb23
1 changed files with 8 additions and 7 deletions
--- a/firewall.py
+++ b/firewall.py
@ -175,7 +175,7 @@ class SNat(RestrictiveBaseModel):


 class Nat(RestrictiveBaseModel):
-    protocols: set[str] = {"icmp", "udp", "tcp"}
+    protocols: set[str] | None = {"icmp", "udp", "tcp"}
    src: AutoSet[IPv4Network | ZoneName]
    dst: AutoSet[IPv4Network | ZoneName]
    snat: SNat
@ -573,13 +573,14 @@ def parse_nat(nat: list[Nat], zones: Zones) -> nft.Table:
                    )
                )

-        rule.stmts.append(
-            nft.Match(
-                op="==",
-                left=nft.Payload(protocol="ip", field="protocol"),
-                right=entry.protocols,
+        if entry.protocols is not None:
+            rule.stmts.append(
+                nft.Match(
+                    op="==",
+                    left=nft.Payload(protocol="ip", field="protocol"),
+                    right=entry.protocols,
+                )
            )
-        )

        rule.stmts.append(
            nft.Snat(