garethsb
commented
4 years ago Examples also need updating.
Closed garethsb closed 4 years ago
garethsb
commented
4 years ago Examples also need updating.
vsachin33
commented
4 years ago Yes, “destination_ip” needs to be mandatory property as well ..Sachin
garethsb
commented
4 years ago During today's call we identified some use cases for matching "source_ip" only, for example, when translating only source details in order to obfuscate these on outgoing traffic to another facility.
The question was asked whether in that case, it made sense to require at least one entry in the "receiver_endpoint_ids" but the use case for ingress NAT, to be applied to all incoming traffic, requires a way to specify 'global' scope, not applied to any particular receiver endpoint ID.
Therefore this PR was merged as is.
If source or destination port is included in the "match" constraints, the related IP address must also be matched. The "match" tuple is also made required.
If matching on only source IP address (and optionally port) is not needed, we can also make
"destination_ip"required.