Implement Source and Destination Nat Action Generation
parent
d95f2d9f01
commit
1cef7cfac4
1 changed files with 47 additions and 18 deletions
|
@ -145,18 +145,41 @@ fn generate_service_matchers(services: Vec<Service>) -> Result<Vec<String>, Appl
|
||||||
Ok(list)
|
Ok(list)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn generate_destination_nat_action(
|
fn generate_nat_action(
|
||||||
dnat_address: Option<Address>,
|
address: Option<Address>,
|
||||||
dnat_service: Option<Service>,
|
service: Option<Service>,
|
||||||
) -> Result<String, ApplyError> {
|
) -> Result<String, ApplyError> {
|
||||||
Ok("".to_string())
|
let mut action;
|
||||||
}
|
match address {
|
||||||
|
Some(a) => {
|
||||||
|
action = "ip to ".to_string()
|
||||||
|
+ &match a.address_type {
|
||||||
|
AddressType::Host { address } => address.to_string(),
|
||||||
|
_ => panic!("Invalid AddressType as Nat Action"),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
None => match service {
|
||||||
|
Some(_) => action = "to ".to_string(),
|
||||||
|
None => panic!("Address and Service can't both be None for Nat Action"),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
fn generate_source_nat_action(
|
match service {
|
||||||
snat_address: Option<Address>,
|
Some(s) => match s.service_type {
|
||||||
snat_service: Option<Service>,
|
ServiceType::TCP { destination, .. } | ServiceType::UDP { destination, .. } => {
|
||||||
) -> Result<String, ApplyError> {
|
match destination {
|
||||||
Ok("".to_string())
|
PortDefinition::Single { port } => {
|
||||||
|
action += ":";
|
||||||
|
action += &port.to_string()
|
||||||
|
}
|
||||||
|
_ => panic!("Destination Port Definition must be Single for Nat Action"),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
_ => panic!("ServiceType must be TCP or UDP for Nat Action"),
|
||||||
|
},
|
||||||
|
None => (),
|
||||||
|
}
|
||||||
|
Ok(action)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn apply_nftables(pending_config: Config, _current_config: Config) -> Result<(), ApplyError> {
|
pub fn apply_nftables(pending_config: Config, _current_config: Config) -> Result<(), ApplyError> {
|
||||||
|
@ -197,10 +220,13 @@ pub fn apply_nftables(pending_config: Config, _current_config: Config) -> Result
|
||||||
)?,
|
)?,
|
||||||
services: generate_service_matchers(rule.services(pending_config.clone()))?,
|
services: generate_service_matchers(rule.services(pending_config.clone()))?,
|
||||||
verdict: None,
|
verdict: None,
|
||||||
destination_nat_action: Some(generate_destination_nat_action(
|
destination_nat_action: Some(
|
||||||
rule.dnat_address(pending_config.clone()),
|
"dnat ".to_string()
|
||||||
rule.dnat_service(pending_config.clone()),
|
+ &generate_nat_action(
|
||||||
)?),
|
rule.dnat_address(pending_config.clone()),
|
||||||
|
rule.dnat_service(pending_config.clone()),
|
||||||
|
)?,
|
||||||
|
),
|
||||||
source_nat_action: None,
|
source_nat_action: None,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
@ -221,10 +247,13 @@ pub fn apply_nftables(pending_config: Config, _current_config: Config) -> Result
|
||||||
destination_nat_action: None,
|
destination_nat_action: None,
|
||||||
source_nat_action: Some(match rule.snat_type.clone() {
|
source_nat_action: Some(match rule.snat_type.clone() {
|
||||||
SNATType::Masquerade => "masquerade".to_string(),
|
SNATType::Masquerade => "masquerade".to_string(),
|
||||||
SNATType::SNAT { .. } => generate_source_nat_action(
|
SNATType::SNAT { .. } => {
|
||||||
rule.snat_type.address(pending_config.clone()),
|
"snat ".to_string()
|
||||||
rule.snat_type.service(pending_config.clone()),
|
+ &generate_nat_action(
|
||||||
)?,
|
rule.snat_type.address(pending_config.clone()),
|
||||||
|
rule.snat_type.service(pending_config.clone()),
|
||||||
|
)?
|
||||||
|
}
|
||||||
}),
|
}),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
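Review bot: The new `generate_nat_action` is declared to return `Result<String, ApplyError>` but rejects every unsupported input with `panic!` (a non-`Host` address type, address and service both `None`, a non-`Single` destination port, a service that is neither TCP nor UDP), so unless the configuration is validated before this point, a NAT rule that references the wrong kind of object aborts the apply path instead of producing an error that the `?` at the call sites in `apply_nftables` could propagate. Because these values come from the pending configuration, each of those arms should return an error instead, e.g. `_ => return Err(/* ApplyError variant for an invalid NAT target */),`, and the function should get a doc comment listing the accepted address/service combinations. The `"ip to "` prefix also fixes the IPv4 family; if `AddressType::Host` can carry an IPv6 address (not visible in this hunk), the generated statement would need the `ip6` family and a bracketed address before `:port`. `apply_nftables` starts inside the first hunk and continues outside the lines shown.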