blob: 55cc0d4b43dfd63973428fff88d3019b66e1b92e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
#!/bin/bash
set -e
EXPECTED="table ip nat {
map ipportmap {
type ipv4_addr : interval ipv4_addr . inet_service
flags interval
elements = { 192.168.1.2 : 10.141.10.1-10.141.10.3 . 8888-8999 }
}
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
ip protocol tcp dnat ip to ip saddr map @ipportmap
}
}"
$NFT -f - <<< $EXPECTED
$NFT add element ip nat ipportmap { 192.168.2.0/24 : 10.141.11.5-10.141.11.20 . 8888-8999 }
EXPECTED="table ip nat {
map ipportmap2 {
type ipv4_addr . ipv4_addr : interval ipv4_addr . inet_service
flags interval
elements = { 192.168.1.2 . 192.168.2.2 : 127.0.0.1/8 . 42 - 43 }
}
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
ip protocol tcp dnat ip to ip saddr . ip daddr map @ipportmap2
}
}"
$NFT -f - <<< $EXPECTED
EXPECTED="table ip nat {
map fwdtoip_th {
type ipv4_addr . inet_service : interval ipv4_addr . inet_service
flags interval
elements = { 1.2.3.4 . 10000-20000 : 192.168.3.4 . 30000-40000 }
}
}"
$NFT -f - <<< $EXPECTED
$NFT add rule ip nat prerouting meta l4proto { tcp, udp } dnat to ip daddr . th dport map @fwdtoip_th
EXPECTED="table ip nat {
map ipportmap4 {
typeof iifname . ip saddr : interval ip daddr
flags interval
elements = { enp2s0 . 10.1.1.136 : 1.1.2.69, enp2s0 . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 }
}
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
dnat to iifname . ip saddr map @ipportmap4
}
}"
$NFT -f - <<< $EXPECTED
EXPECTED="table ip nat {
map ipportmap5 {
typeof iifname . ip saddr : interval ip daddr . tcp dport
flags interval
elements = { enp2s0 . 10.1.1.136 : 1.1.2.69 . 22, enp2s0 . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 . 22 }
}
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
meta l4proto tcp dnat ip to iifname . ip saddr map @ipportmap5
}
}"
$NFT -f - <<< $EXPECTED
|