Class: Mt::Wall::Model::NatRule

Inherits:
Data
  • Object
Defined in:
lib/mt/wall/model/nat_rule.rb

Overview

A device-local NAT rule (Layer B — the box’s own firewall). Compiles almost directly to a single RouterOS `/ip firewall nat` rule: a chain, an action, native match conditions, and translation targets.

IPv4-ONLY for v1: RouterOS keeps NAT under `/ip/firewall/nat`. IPv6 NAT (`/ipv6/firewall/nat`) is intentionally OUT OF SCOPE for v1 — a NatRule always targets the v4 table. Validation rejects IPv6 match/translation addresses. Note that the constructor shown below does not perform this validation itself.

`match` is a normalized Hash of conditions, reusing the FilterRule key set where it makes sense:

:protocol      [Symbol]            :tcp, :udp, ...
:dst_port      [Integer, Array, Range]  the published/external port(s)
:src_port      [Integer, Array, Range]
:in_interface  [String]            e.g. the WAN interface (masquerade)
:out_interface [String]
:src           [String]            host/group name -> src-address-list
:dst           [String]            host/group name -> dst-address-list

Translation targets (action-dependent):

* :masquerade            — ignores to_addresses/to_ports
* :dst_nat (port-forward) — to_addresses + to_ports = the internal host:port
* :src_nat                — to_addresses (+ optional to_ports)

RULE IDENTITY: like FilterRule, mt-wall owns the ENTIRE nat table, so every emitted rule carries the deterministic `mt-wall:<stable-hash>` identity tag in its `comment`; diff/Plan match by tag, never by `.id`.


Constructor Details

#initialize(chain:, action:, match: {}, to_addresses: [], to_ports: nil, comment: nil) ⇒ NatRule

Returns a new instance of NatRule.



# File 'lib/mt/wall/model/nat_rule.rb', line 42

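# Builds a NatRule from keyword arguments.
#
# `match` and `to_addresses` are stored as frozen shallow copies, so the rule
# cannot be altered later through a Hash or Array the caller still holds.
# Nested values (for example a port Array inside `match`) are not copied.
# No chain/action/address validation happens in this method.
#
# @param chain [Object] stored as given (documented values: :srcnat, :dstnat)
# @param action [Object] stored as given (documented values: :masquerade, :dst_nat, :src_nat)
# @param match [Hash] native match conditions
# @param to_addresses [Object] translation target(s); a scalar is wrapped in an Array, nil becomes []
# @param to_ports [Object, nil] stored as given
# @param comment [Object, nil] stored as given
def initialize(chain:, action:, match: {}, to_addresses: [], to_ports: nil, comment: nil)
  # Array() hands back the caller's own Array when given one, so dup before
  # freezing to leave the caller's objects untouched.
  super(chain: chain, action: action, match: match.dup.freeze,
        to_addresses: Array(to_addresses).dup.freeze, to_ports: to_ports, comment: comment)
end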

Instance Attribute Details

#action ⇒ Object (readonly)

Returns the value of attribute action

Returns:

  • (Object)

    the current value of action



# File 'lib/mt/wall/model/nat_rule.rb', line 41

# Reader for the rule's action.
#
# @return [Object] the stored action (documented values: :masquerade, :dst_nat, :src_nat)
def action = @action

#chain ⇒ Object (readonly)

Returns the value of attribute chain

Returns:

  • (Object)

    the current value of chain



# File 'lib/mt/wall/model/nat_rule.rb', line 41

# Reader for the rule's chain.
#
# @return [Object] the stored chain (documented values: :srcnat, :dstnat)
def chain = @chain

#comment ⇒ Object (readonly)

Returns the value of attribute comment

Returns:

  • (Object)

    the current value of comment



# File 'lib/mt/wall/model/nat_rule.rb', line 41

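# Value object for one device-local NAT rule.
#
# Data.define freezes the instance itself, but not the objects its members
# point to. The constructor therefore stores frozen shallow copies of `match`
# and `to_addresses`, so a rule cannot be altered through a Hash or Array the
# caller still holds after the rule was built. Nested values (for example a
# port Array inside `match`) are not copied.
#
# No chain/action/address validation happens here.
NatRule = Data.define(:chain, :action, :match, :to_addresses, :to_ports, :comment) do
  # @param chain [Object] stored as given
  # @param action [Object] stored as given
  # @param match [Hash] match conditions; copied and frozen
  # @param to_addresses [Object] a scalar is wrapped in an Array, nil becomes []; copied and frozen
  # @param to_ports [Object, nil] stored as given
  # @param comment [Object, nil] stored as given
  def initialize(chain:, action:, match: {}, to_addresses: [], to_ports: nil, comment: nil)
    # Array() hands back the caller's own Array when given one, so dup before
    # freezing to leave the caller's objects untouched.
    super(chain: chain, action: action, match: match.dup.freeze,
          to_addresses: Array(to_addresses).dup.freeze, to_ports: to_ports, comment: comment)
  end
end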

#match ⇒ Object (readonly)

Returns the value of attribute match

Returns:

  • (Object)

    the current value of match



# File 'lib/mt/wall/model/nat_rule.rb', line 41

# Reader for the rule's native match conditions.
#
# @return [Object] the stored match value
def match = @match

#to_addresses ⇒ Object (readonly)

Returns the value of attribute to_addresses

Returns:

  • (Object)

    the current value of to_addresses



# File 'lib/mt/wall/model/nat_rule.rb', line 41

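# Value object for one device-local NAT rule.
#
# Data.define freezes the instance itself, but not the objects its members
# point to. The constructor therefore stores frozen shallow copies of `match`
# and `to_addresses`, so a rule cannot be altered through a Hash or Array the
# caller still holds after the rule was built. Nested values (for example a
# port Array inside `match`) are not copied.
#
# No chain/action/address validation happens here.
NatRule = Data.define(:chain, :action, :match, :to_addresses, :to_ports, :comment) do
  # @param chain [Object] stored as given
  # @param action [Object] stored as given
  # @param match [Hash] match conditions; copied and frozen
  # @param to_addresses [Object] a scalar is wrapped in an Array, nil becomes []; copied and frozen
  # @param to_ports [Object, nil] stored as given
  # @param comment [Object, nil] stored as given
  def initialize(chain:, action:, match: {}, to_addresses: [], to_ports: nil, comment: nil)
    # Array() hands back the caller's own Array when given one, so dup before
    # freezing to leave the caller's objects untouched.
    super(chain: chain, action: action, match: match.dup.freeze,
          to_addresses: Array(to_addresses).dup.freeze, to_ports: to_ports, comment: comment)
  end
end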

#to_ports ⇒ Object (readonly)

Returns the value of attribute to_ports

Returns:

  • (Object)

    the current value of to_ports



# File 'lib/mt/wall/model/nat_rule.rb', line 41

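# Value object for one device-local NAT rule.
#
# Data.define freezes the instance itself, but not the objects its members
# point to. The constructor therefore stores frozen shallow copies of `match`
# and `to_addresses`, so a rule cannot be altered through a Hash or Array the
# caller still holds after the rule was built. Nested values (for example a
# port Array inside `match`) are not copied.
#
# No chain/action/address validation happens here.
NatRule = Data.define(:chain, :action, :match, :to_addresses, :to_ports, :comment) do
  # @param chain [Object] stored as given
  # @param action [Object] stored as given
  # @param match [Hash] match conditions; copied and frozen
  # @param to_addresses [Object] a scalar is wrapped in an Array, nil becomes []; copied and frozen
  # @param to_ports [Object, nil] stored as given
  # @param comment [Object, nil] stored as given
  def initialize(chain:, action:, match: {}, to_addresses: [], to_ports: nil, comment: nil)
    # Array() hands back the caller's own Array when given one, so dup before
    # freezing to leave the caller's objects untouched.
    super(chain: chain, action: action, match: match.dup.freeze,
          to_addresses: Array(to_addresses).dup.freeze, to_ports: to_ports, comment: comment)
  end
end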

Instance Method Details

#action=(value) ⇒ Object (readonly)

:masquerade, :dst_nat or :src_nat (rendered to RouterOS “dst-nat” / “src-nat”)



# File 'lib/mt/wall/model/nat_rule.rb', line 41

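# Value object for one device-local NAT rule.
#
# Data.define freezes the instance itself, but not the objects its members
# point to. The constructor therefore stores frozen shallow copies of `match`
# and `to_addresses`, so a rule cannot be altered through a Hash or Array the
# caller still holds after the rule was built. Nested values (for example a
# port Array inside `match`) are not copied.
#
# No chain/action/address validation happens here.
NatRule = Data.define(:chain, :action, :match, :to_addresses, :to_ports, :comment) do
  # @param chain [Object] stored as given
  # @param action [Object] stored as given
  # @param match [Hash] match conditions; copied and frozen
  # @param to_addresses [Object] a scalar is wrapped in an Array, nil becomes []; copied and frozen
  # @param to_ports [Object, nil] stored as given
  # @param comment [Object, nil] stored as given
  def initialize(chain:, action:, match: {}, to_addresses: [], to_ports: nil, comment: nil)
    # Array() hands back the caller's own Array when given one, so dup before
    # freezing to leave the caller's objects untouched.
    super(chain: chain, action: action, match: match.dup.freeze,
          to_addresses: Array(to_addresses).dup.freeze, to_ports: to_ports, comment: comment)
  end
end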

#chain=(value) ⇒ Object (readonly)

:srcnat or :dstnat



# File 'lib/mt/wall/model/nat_rule.rb', line 41

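# Value object for one device-local NAT rule.
#
# Data.define freezes the instance itself, but not the objects its members
# point to. The constructor therefore stores frozen shallow copies of `match`
# and `to_addresses`, so a rule cannot be altered through a Hash or Array the
# caller still holds after the rule was built. Nested values (for example a
# port Array inside `match`) are not copied.
#
# No chain/action/address validation happens here.
NatRule = Data.define(:chain, :action, :match, :to_addresses, :to_ports, :comment) do
  # @param chain [Object] stored as given
  # @param action [Object] stored as given
  # @param match [Hash] match conditions; copied and frozen
  # @param to_addresses [Object] a scalar is wrapped in an Array, nil becomes []; copied and frozen
  # @param to_ports [Object, nil] stored as given
  # @param comment [Object, nil] stored as given
  def initialize(chain:, action:, match: {}, to_addresses: [], to_ports: nil, comment: nil)
    # Array() hands back the caller's own Array when given one, so dup before
    # freezing to leave the caller's objects untouched.
    super(chain: chain, action: action, match: match.dup.freeze,
          to_addresses: Array(to_addresses).dup.freeze, to_ports: to_ports, comment: comment)
  end
end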

#match=(value) ⇒ Object (readonly)

native match conditions (see above)



# File 'lib/mt/wall/model/nat_rule.rb', line 41

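# Value object for one device-local NAT rule.
#
# Data.define freezes the instance itself, but not the objects its members
# point to. The constructor therefore stores frozen shallow copies of `match`
# and `to_addresses`, so a rule cannot be altered through a Hash or Array the
# caller still holds after the rule was built. Nested values (for example a
# port Array inside `match`) are not copied.
#
# No chain/action/address validation happens here.
NatRule = Data.define(:chain, :action, :match, :to_addresses, :to_ports, :comment) do
  # @param chain [Object] stored as given
  # @param action [Object] stored as given
  # @param match [Hash] match conditions; copied and frozen
  # @param to_addresses [Object] a scalar is wrapped in an Array, nil becomes []; copied and frozen
  # @param to_ports [Object, nil] stored as given
  # @param comment [Object, nil] stored as given
  def initialize(chain:, action:, match: {}, to_addresses: [], to_ports: nil, comment: nil)
    # Array() hands back the caller's own Array when given one, so dup before
    # freezing to leave the caller's objects untouched.
    super(chain: chain, action: action, match: match.dup.freeze,
          to_addresses: Array(to_addresses).dup.freeze, to_ports: to_ports, comment: comment)
  end
end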