blob: 757605ee34928480115591a89480187b4380169e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
#!/bin/bash
# NFT_TEST_REQUIRES(NFT_TEST_HAVE_pipapo)
EXPECTED="table ip x {
map y {
type ipv4_addr : interval ipv4_addr
flags interval
elements = { 10.141.10.0/24 : 192.168.2.2-192.168.2.4,
10.141.11.0/24 : 192.168.4.2-192.168.4.3 }
}
chain x {
type nat hook prerouting priority dstnat; policy accept;
meta l4proto tcp dnat ip to iifname . ip saddr map { enp2s0 . 10.1.1.136 : 1.1.2.69 . 22, enp2s0 . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 . 22 }
dnat ip to iifname . ip saddr map { enp2s0 . 10.1.1.136 : 1.1.2.69, enp2s0 . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 }
}
chain y {
type nat hook postrouting priority srcnat; policy accept;
snat to ip saddr map @y
}
}
"
set -e
$NFT -f - <<< $EXPECTED
$NFT add element x y { 10.141.12.0/24 : 192.168.5.10-192.168.5.20 }
EXPECTED="table inet x {
chain x {
type nat hook prerouting priority dstnat; policy accept;
dnat to ip daddr . tcp dport map { 10.141.10.1 . 22 : 192.168.2.2, 10.141.11.2 . 2222 : 192.168.4.2 }
}
chain y {
type nat hook postrouting priority srcnat; policy accept;
snat to ip saddr map { 10.141.10.0/24 : 192.168.2.2-192.168.2.4, 10.141.11.0/24 : 192.168.4.2-192.168.4.3 }
}
}"
$NFT -f - <<< $EXPECTED
|
