fw4: bracketize IPv6 addresses in dnat addr:port notation

[project/firewall4.git] / root / usr / share / firewall4 / templates / redirect.uc

{%+ if (redirect.family && !redirect.has_addrs): -%}
        meta nfproto {{ fw4.nfproto(redirect.family) }} {%+ endif -%}
{%+ if (!redirect.proto.any && !redirect.has_ports): -%}
        meta l4proto {{
                (redirect.proto.name == 'icmp' && redirect.family == 6) ? 'ipv6-icmp' : redirect.proto.name
        }} {%+ endif -%}
{%+ if (redirect.device): -%}
        oifname {{ fw4.quote(redirect.device, true) }} {%+ endif -%}
{%+ if (redirect.saddrs_pos): -%}
        {{ fw4.ipproto(redirect.family) }} saddr {{ fw4.set(redirect.saddrs_pos) }} {%+ endif -%}
{%+ if (redirect.saddrs_neg): -%}
        {{ fw4.ipproto(redirect.family) }} saddr != {{ fw4.set(redirect.saddrs_neg) }} {%+ endif -%}
{%+ for (let a in redirect.saddrs_masked): -%}
        {{ fw4.ipproto(redirect.family) }} saddr & {{ a.mask }} {{ a.invert ? '!=' : '==' }} {{ a.addr }} {%+ endfor -%}
{%+ if (redirect.daddrs_pos): -%}
        {{ fw4.ipproto(redirect.family) }} daddr {{ fw4.set(redirect.daddrs_pos) }} {%+ endif -%}
{%+ if (redirect.daddrs_neg): -%}
        {{ fw4.ipproto(redirect.family) }} daddr != {{ fw4.set(redirect.daddrs_neg) }} {%+ endif -%}
{%+ for (let a in redirect.daddrs_masked): -%}
        {{ fw4.ipproto(redirect.family) }} daddr & {{ a.mask }} {{ a.invert ? '!=' : '==' }} {{ a.addr }} {%+ endfor -%}
{%+ if (redirect.sports_pos): -%}
        {{ redirect.proto.name }} sport {{ fw4.set(redirect.sports_pos) }} {%+ endif -%}
{%+ if (redirect.sports_neg): -%}
        {{ redirect.proto.name }} sport != {{ fw4.set(redirect.sports_neg) }} {%+ endif -%}
{%+ if (redirect.dports_pos): -%}
        {{ redirect.proto.name }} dport {{ fw4.set(redirect.dports_pos) }} {%+ endif -%}
{%+ if (redirect.dports_neg): -%}
        {{ redirect.proto.name }} dport != {{ fw4.set(redirect.dports_neg) }} {%+ endif -%}
{%+ if (redirect.smacs_pos): -%}
        ether saddr {{ fw4.set(redirect.smacs_pos) }} {%+ endif -%}
{%+ if (redirect.smacs_neg): -%}
        ether saddr != {{ fw4.set(redirect.smacs_neg) }} {%+ endif -%}
{%+ if (redirect.helper): -%}
        ct helper{% if (redirect.helper.invert): %} !={% endif %} {{ fw4.quote(redirect.helper.name, true) }} {%+ endif -%}
{%+ if (redirect.limit): -%}
        limit rate {{ redirect.limit.rate }}/{{ redirect.limit.unit }}
        {%- if (redirect.limit_burst): %} burst {{ redirect.limit_burst }} packets{% endif %} {%+ endif -%}
{%+ if (redirect.start_date): -%}
        meta time >= {{
                exists(redirect.start_date, "hour") ? fw4.datetime(redirect.start_date) : fw4.date(redirect.start_date)
        }} {%+ endif -%}
{%+ if (redirect.stop_date): -%}
        meta time <= {{
                exists(redirect.stop_date, "hour") ? fw4.datetime(redirect.stop_date) : fw4.date(redirect.stop_date)
        }} {%+ endif -%}
{%+ if (redirect.start_time): -%}
        meta hour >= {{ fw4.time(redirect.start_time) }} {%+ endif -%}
{%+ if (redirect.stop_time): -%}
        meta hour <= {{ fw4.time(redirect.stop_time) }} {%+ endif -%}
{%+ if (redirect.weekdays): -%}
        meta day{% if (redirect.weekdays.invert): %} !={% endif %} {{ fw4.set(redirect.weekdays.days) }} {%+ endif -%}
{%+ if (redirect.mark && redirect.mark.mask < 0xFFFFFFFF): -%}
        meta mark and {{ fw4.hex(redirect.mark.mask) }} {{
                redirect.mark.invert ? '!=' : '=='
        }} {{ fw4.hex(redirect.mark.mark) }} {%+ endif -%}
{%+ if (redirect.mark && redirect.mark.mask == 0xFFFFFFFF): -%}
        meta mark{% if (redirect.mark.invert): %} !={% endif %} {{ fw4.hex(redirect.mark.mark) }} {%+ endif -%}
{%+ if (redirect.ipset): -%}
        {{ fw4.concat(redirect.ipset.fields) }}{{
                redirect.ipset.invert ? ' !=' : ''
        }} @{{ redirect.ipset.name }} {%+ endif -%}
{%+ if (redirect.counter): -%}
        counter {%+ endif -%}
{% if (redirect.target == "redirect"): -%}
        redirect{% if (redirect.rport): %} to {{ fw4.port(redirect.rport) }}{% endif %}
{%- elif (redirect.target == "accept" || redirect.target == "masquerade"): -%}
        {{ redirect.target }}
{%- else -%}
        {{ redirect.target }} {{ redirect.raddr ? fw4.host(redirect.raddr, redirect.rport != null) : '' }}
        {%- if (redirect.rport): %}:{{ fw4.port(redirect.rport) }}{% endif %}
{% endif %} comment {{ fw4.quote("!fw4: " + redirect.name, true) }}