aurore/firewall
10
0
Fork 0
Code Issues Pull requests Releases Activity

feat(nat): Allow unspecified NAT protocols

Browse source
This commit is contained in:
v-lafeychine 2023-09-07 21:44:13 +02:00
parent d76b0d2bb4
commit eb3865cb23
Signed by: v-lafeychine
GPG key ID: F46CAAD27C7AB0D5
1 changed files with 8 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
firewall.py
View file

@ -175,7 +175,7 @@ class SNat(RestrictiveBaseModel):
class Nat(RestrictiveBaseModel): class Nat(RestrictiveBaseModel):
protocols: set[str] = {"icmp", "udp", "tcp"} protocols: set[str] | None = {"icmp", "udp", "tcp"}
src: AutoSet[IPv4Network | ZoneName] src: AutoSet[IPv4Network | ZoneName]
dst: AutoSet[IPv4Network | ZoneName] dst: AutoSet[IPv4Network | ZoneName]
snat: SNat snat: SNat
@ -573,13 +573,14 @@ def parse_nat(nat: list[Nat], zones: Zones) -> nft.Table:
) )
) )
rule.stmts.append( if entry.protocols is not None:
nft.Match( rule.stmts.append(
op="==", nft.Match(
left=nft.Payload(protocol="ip", field="protocol"), op="==",
right=entry.protocols, left=nft.Payload(protocol="ip", field="protocol"),
right=entry.protocols,
)
) )
)
rule.stmts.append( rule.stmts.append(
nft.Snat( nft.Snat(