summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/optimize.c7
-rw-r--r--tests/shell/testcases/optimizations/dumps/merge_nat.nft1
-rwxr-xr-xtests/shell/testcases/optimizations/merge_nat1
3 files changed, 9 insertions, 0 deletions
diff --git a/src/optimize.c b/src/optimize.c
index ff4f2627..d60aa8f2 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -370,6 +370,13 @@ static int rule_collect_stmts(struct optimize_ctx *ctx, struct rule *rule)
clone->log.prefix = expr_get(stmt->log.prefix);
break;
case STMT_NAT:
+ if ((stmt->nat.addr &&
+ stmt->nat.addr->etype == EXPR_MAP) ||
+ (stmt->nat.proto &&
+ stmt->nat.proto->etype == EXPR_MAP)) {
+ clone->ops = &unsupported_stmt_ops;
+ break;
+ }
clone->nat.type = stmt->nat.type;
clone->nat.family = stmt->nat.family;
if (stmt->nat.addr)
diff --git a/tests/shell/testcases/optimizations/dumps/merge_nat.nft b/tests/shell/testcases/optimizations/dumps/merge_nat.nft
index 32423b22..96e38ccd 100644
--- a/tests/shell/testcases/optimizations/dumps/merge_nat.nft
+++ b/tests/shell/testcases/optimizations/dumps/merge_nat.nft
@@ -14,6 +14,7 @@ table ip test3 {
chain y {
oif "lo" accept
snat to ip saddr . tcp sport map { 1.1.1.1 . 1024-65535 : 3.3.3.3, 2.2.2.2 . 1024-65535 : 4.4.4.4 }
+ oifname "enp2s0" snat ip to ip saddr map { 10.1.1.0/24 : 72.2.3.66-72.2.3.78 }
}
}
table ip test4 {
diff --git a/tests/shell/testcases/optimizations/merge_nat b/tests/shell/testcases/optimizations/merge_nat
index ec9b239c..1484b7d3 100755
--- a/tests/shell/testcases/optimizations/merge_nat
+++ b/tests/shell/testcases/optimizations/merge_nat
@@ -27,6 +27,7 @@ RULESET="table ip test3 {
oif lo accept
ip saddr 1.1.1.1 tcp sport 1024-65535 snat to 3.3.3.3
ip saddr 2.2.2.2 tcp sport 1024-65535 snat to 4.4.4.4
+ oifname enp2s0 snat ip to ip saddr map { 10.1.1.0/24 : 72.2.3.66-72.2.3.78 }
}
}"