Add nftables NAT Action Generation

2025-05-10 18:38:22 +00:00 · 2023-05-13 22:12:35 +02:00 · 2023-05-13 22:12:35 +02:00 · a3ab1c7227
commit a3ab1c7227
parent 93ce84e581
1 changed files with 52 additions and 2 deletions
--- a/internal/nftables/action.go
+++ b/internal/nftables/action.go
@ -3,12 +3,62 @@ package nftables
 import (
 	"nfsense.net/nfsense/internal/definitions/config"
 	"nfsense.net/nfsense/internal/definitions/firewall"
+	"nfsense.net/nfsense/internal/definitions/object"
 )

 func GenerateDestinationNatAction(conf config.Config, rule firewall.DestinationNATRule) string {
-	return ""
+	destination := ""
+
+	if rule.Address != nil {
+		addr := conf.Object.Addresses[*rule.Address]
+
+		if addr.Type == object.Host {
+			destination = addr.Host.String()
+		} else {
+			panic("invalid address type")
+		}
+	}
+
+	if rule.Service != nil {
+		serv := conf.Object.Services[*rule.Service]
+
+		if serv.Type == object.TCP || serv.Type == object.UDP {
+			destination += ":" + serv.GetDPort()
+		} else {
+			panic("invalid service type")
+		}
+	}
+	return "dnat to " + destination
 }

 func GenerateSourceNatAction(conf config.Config, rule firewall.SourceNATRule) string {
-	return ""
+	if rule.Type == firewall.Masquerade {
+		return "masqerade"
+	}
+
+	source := ""
+
+	if rule.Address != nil {
+		addr := conf.Object.Addresses[*rule.Address]
+
+		if addr.Type == object.Host {
+			source = addr.Host.String()
+		} else if addr.Type == object.Range {
+			source = addr.Range.String()
+		} else {
+			panic("invalid address type")
+		}
+	}
+
+	if rule.Service != nil {
+		serv := conf.Object.Services[*rule.Service]
+
+		if serv.Type == object.TCP || serv.Type == object.UDP {
+			source += ":" + serv.GetSPort()
+		} else {
+			panic("invalid service type")
+		}
+	}
+
+	return "snat to " + source
 }