Currently, on the latest 1.4 version, we have several firewall configuration files, used for loading the firewall ruleset into netfilter. These files are located in /run/:
vyos@R03# ls -la /run/ | grep nft
-rw-r--r-- 1 root root 4045 Apr 17 09:46 nftables.conf
-rw-r--r-- 1 root root 299 Apr 17 09:46 nftables-ct.conf
-rw-r--r-- 1 root root 0 Apr 17 09:46 nftables_defines.conf
-rw-r--r-- 1 root root 717 Apr 17 09:46 nftables_policy.conf
Firewall rules are parsed and written to those files, and then loaded into netfilter. This seems useful, since if there's an error while loading the ruleset, you can inspect those files for the wrong configuration.
But no such file is available for NAT configuration --> https://github.com/vyos/vyos-1x/blob/039e323d7e46f7d8244c42794f713a0bfecbe2d3/src/conf_mode/nat.py#L46
Also, the tmp file used is removed when applying NAT config --> https://github.com/vyos/vyos-1x/blob/039e323d7e46f7d8244c42794f713a0bfecbe2d3/src/conf_mode/nat.py#L197
It would be good to have a file /run/nftables-nat.conf, so all files used for loading firewall/nat rules are available.
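
A sketch of the requested behaviour, added here as an illustration and not taken from vyos-1x: the rendered NAT ruleset is written to a persistent file and kept even when the load fails, so it can be inspected afterwards. The function names (write_ruleset, nft_load, apply_nat) and the replaceable loader argument are assumptions; only the path /run/nftables-nat.conf and the `nft -f` load step come from the setup described above.

```python
import os
import subprocess
import tempfile

# Path proposed in the request above; the rest of this block is hypothetical.
NAT_CONF = '/run/nftables-nat.conf'


def write_ruleset(path, ruleset, mode=0o644):
    """Write the rendered ruleset atomically so nft never reads a partial file."""
    directory = os.path.dirname(path) or '.'
    fd, tmp = tempfile.mkstemp(dir=directory, prefix='.nft-')
    try:
        with os.fdopen(fd, 'w') as f:
            f.write(ruleset)
            f.flush()
            os.fsync(f.fileno())
        # Same mode as the other /run/nftables*.conf files (-rw-r--r--).
        os.chmod(tmp, mode)
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def nft_load(path):
    """Load a ruleset file with nft; returns (returncode, stderr)."""
    proc = subprocess.run(['nft', '-f', path], capture_output=True, text=True)
    return proc.returncode, proc.stderr


def apply_nat(ruleset, path=NAT_CONF, loader=nft_load):
    """Persist the ruleset, then load it. The file is NOT removed on failure."""
    write_ruleset(path, ruleset)
    rc, err = loader(path)
    if rc != 0:
        raise RuntimeError(
            f'nft failed loading {path} (file kept for inspection): {err.strip()}')
    return path
```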