rezometz/firewall
9
0
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

Nat ICMP

Browse source
This commit is contained in:
Hugo Levy-Falk 2019-05-06 21:46:13 +02:00 committed by root
parent f0c2d3bf50
commit 578d5aa51a
1 changed files with 16 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
firewall.py
View file

@ -607,6 +607,12 @@ def get_ip_iterable_from_str(ip):
class NAT: class NAT:
PROTOCOLS = (
'tcp',
'udp',
'icmp'
)
def __init__(self, def __init__(self,
name, name,
range_in, range_in,
@ -648,22 +654,16 @@ class NAT:
grp: The name of the group grp: The name of the group
ports: The port range (str) ports: The port range (str)
""" """
CommandExec.run([ for protocol in self.PROTOCOLS:
*self.nft, CommandExec.run([
"add rule ip nat {name}_nat ip saddr @{name}_nat_port_{grp} ip protocol tcp snat ip saddr map @{name}_nat_address : {ports}".format( *self.nft,
name=self.name, "add rule ip nat {name}_nat ip saddr @{name}_nat_port_{grp} ip protocol {protocol} snat ip saddr map @{name}_nat_address : {ports}".format(
grp=grp, protocol=protocol,
ports=ports name=self.name,
) grp=grp,
]) ports=ports
CommandExec.run([ )
*self.nft, ])
"add rule ip nat {name}_nat ip saddr @{name}_nat_port_{grp} ip protocol udp snat ip saddr map @{name}_nat_address : {ports}".format(
name=self.name,
grp=grp,
ports=ports
)
])
def manage(self): def manage(self):
"""Creates the port sets, ip map and rules """Creates the port sets, ip map and rules