Nat ICMP

2019-05-06 21:46:13 +02:00 · 2019-05-06 21:46:13 +02:00 · 578d5aa51a
parent f0c2d3bf50
commit 578d5aa51a
1 changed files with 16 additions and 16 deletions
--- a/firewall.py
+++ b/firewall.py
@ -607,6 +607,12 @@ def get_ip_iterable_from_str(ip):

 class NAT:

+    PROTOCOLS = (
+            'tcp',
+            'udp',
+            'icmp'
+    )
+
    def __init__(self,
                 name,
                 range_in,
@ -648,22 +654,16 @@ class NAT:
            grp: The name of the group
            ports: The port range (str)
        """
-        CommandExec.run([
-            *self.nft,
-            "add rule ip nat {name}_nat ip saddr @{name}_nat_port_{grp} ip protocol tcp snat ip saddr map @{name}_nat_address : {ports}".format(
-                name=self.name,
-                grp=grp,
-                ports=ports
-            )
-        ])
-        CommandExec.run([
-            *self.nft,
-            "add rule ip nat {name}_nat ip saddr @{name}_nat_port_{grp} ip protocol udp snat ip saddr map @{name}_nat_address : {ports}".format(
-                name=self.name,
-                grp=grp,
-                ports=ports
-            )
-        ])
+        for protocol in self.PROTOCOLS:
+            CommandExec.run([
+                *self.nft,
+                "add rule ip nat {name}_nat ip saddr @{name}_nat_port_{grp} ip protocol {protocol} snat ip saddr map @{name}_nat_address : {ports}".format(
+                    protocol=protocol,
+                    name=self.name,
+                    grp=grp,
+                    ports=ports
+                )
+            ])

    def manage(self):
        """Creates the port sets, ip map and rules