Merge pull request #3504 from vyos/mergify/bp/sagitta/pr-3482

nat: T6365: remove warnings for negated interface selections by name (backport #3482)
vyos · May 23, 2024 · 7279f74 · 7279f74
2 parents 434222b + a229387
commit 7279f74
Showing 1 changed file with 13 additions and 5 deletions.
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
@@ -17,7 +17,6 @@
 import os
 
 from sys import exit
-from netifaces import interfaces
 
 from vyos.base import Warning
 from vyos.config import Config
@@ -30,6 +29,7 @@
 from vyos.utils.process import cmd
 from vyos.utils.process import run
 from vyos.utils.network import is_addr_assigned
+from vyos.utils.network import interface_exists
 from vyos import ConfigError
 
 from vyos import airbag
@@ -149,8 +149,12 @@ def verify(nat):
                 if 'name' in config['outbound_interface'] and 'group' in config['outbound_interface']:
                     raise ConfigError(f'{err_msg} cannot specify both interface group and interface name for nat source rule "{rule}"')
                 elif 'name' in config['outbound_interface']:
-                    if config['outbound_interface']['name'] not in 'any' and config['outbound_interface']['name'] not in interfaces():
-                        Warning(f'NAT interface "{config["outbound_interface"]["name"]}" for source NAT rule "{rule}" does not exist!')
+                    interface_name = config['outbound_interface']['name']
+                    if interface_name not in 'any':
+                        if interface_name.startswith('!'):
+                            interface_name = interface_name[1:]
+                        if not interface_exists(interface_name):
+                            Warning(f'Interface "{interface_name}" for source NAT rule "{rule}" does not exist!')
                 else:
                     group_name = config['outbound_interface']['group']
                     if group_name[0] == '!':
@@ -182,8 +186,12 @@ def verify(nat):
                 if 'name' in config['inbound_interface'] and 'group' in config['inbound_interface']:
                     raise ConfigError(f'{err_msg} cannot specify both interface group and interface name for destination nat rule "{rule}"')
                 elif 'name' in config['inbound_interface']:
-                    if config['inbound_interface']['name'] not in 'any' and config['inbound_interface']['name'] not in interfaces():
-                        Warning(f'NAT interface "{config["inbound_interface"]["name"]}" for destination NAT rule "{rule}" does not exist!')
+                    interface_name = config['inbound_interface']['name']
+                    if interface_name not in 'any':
+                        if interface_name.startswith('!'):
+                            interface_name = interface_name[1:]
+                        if not interface_exists(interface_name):
+                            Warning(f'Interface "{interface_name}" for destination NAT rule "{rule}" does not exist!')
                 else:
                     group_name = config['inbound_interface']['group']
                     if group_name[0] == '!':