Page MenuHomePhabricator

Protocol negation in NAT is not handled correctly
Closed, ResolvedPublicBUG

Description

Negating the protocol in NAT rules has the opposite effect and creates a rule that matches that protocol instead.

# show nat destination rule 10
 destination {
 }
 inbound-interface eth0
 protocol !tcp
 source {
     address 192.0.2.1
 }
 translation {
     address 10.91.19.10
 }

The rule it creates is:

0     0 DNAT       tcp  --  eth0   *       192.0.2.1            0.0.0.0/0            /* DST-NAT-10 */ to:10.91.19.10

A correctly generated rule was supposed to look like:

0     0 DNAT      !tcp  --  eth0      *       192.0.2.1            0.0.0.0/0            to:10.91.19.10

Details

Difficulty level
Normal (likely a few hours)
Version
1.1.7
Why the issue appeared?
Will be filled on close
syncer moved this task from Need Triage to Finished on the VyOS 1.2.x board.Oct 30 2017, 1:54 PM
syncer moved this task from Backlog to Finished on the VyOS 1.1.x (1.1.8) board.
syncer closed this task as Resolved.
syncer claimed this task.