root / manifests / ip_nat.pp @ 18ec6f48
Historique | Voir | Annoter | Télécharger (1,53 ko)
| 1 | c8092701 | tr | # manage basic chains in table ip nat |
|---|---|---|---|
| 2 | class nftables::ip_nat inherits nftables {
|
||
| 3 | |||
| 4 | nftables::config{
|
||
| 5 | 'ip-nat': |
||
| 6 | source => 'puppet:///modules/nftables/config/puppet-ip-nat.nft'; |
||
| 7 | 248ef9d5 | tr | 'ip6-nat': |
| 8 | source => 'puppet:///modules/nftables/config/puppet-ip6-nat.nft'; |
||
| 9 | c8092701 | tr | } |
| 10 | |||
| 11 | nftables::chain{
|
||
| 12 | [ |
||
| 13 | 'PREROUTING', |
||
| 14 | 'POSTROUTING', |
||
| 15 | ]: |
||
| 16 | table => 'ip-nat'; |
||
| 17 | } |
||
| 18 | |||
| 19 | 248ef9d5 | tr | nftables::chain{
|
| 20 | [ |
||
| 21 | 'PREROUTING6', |
||
| 22 | 'POSTROUTING6', |
||
| 23 | ]: |
||
| 24 | table => 'ip6-nat'; |
||
| 25 | } |
||
| 26 | |||
| 27 | c8092701 | tr | # ip-nat-chain-PREROUTING |
| 28 | nftables::rule{
|
||
| 29 | 'PREROUTING-type': |
||
| 30 | 248ef9d5 | tr | table => 'ip-nat', |
| 31 | c8092701 | tr | order => '01', |
| 32 | content => 'type nat hook prerouting priority -100'; |
||
| 33 | 'PREROUTING-policy': |
||
| 34 | 248ef9d5 | tr | table => 'ip-nat', |
| 35 | order => '02', |
||
| 36 | content => 'policy accept'; |
||
| 37 | 'PREROUTING6-type': |
||
| 38 | table => 'ip6-nat', |
||
| 39 | order => '01', |
||
| 40 | content => 'type nat hook prerouting priority -100'; |
||
| 41 | 'PREROUTING6-policy': |
||
| 42 | table => 'ip6-nat', |
||
| 43 | c8092701 | tr | order => '02', |
| 44 | content => 'policy accept'; |
||
| 45 | } |
||
| 46 | |||
| 47 | # ip-nat-chain-POSTROUTING |
||
| 48 | nftables::rule{
|
||
| 49 | 'POSTROUTING-type': |
||
| 50 | 248ef9d5 | tr | table => 'ip-nat', |
| 51 | c8092701 | tr | order => '01', |
| 52 | content => 'type nat hook postrouting priority 100'; |
||
| 53 | 'POSTROUTING-policy': |
||
| 54 | 248ef9d5 | tr | table => 'ip-nat', |
| 55 | order => '02', |
||
| 56 | content => 'policy accept'; |
||
| 57 | 'POSTROUTING6-type': |
||
| 58 | table => 'ip6-nat', |
||
| 59 | order => '01', |
||
| 60 | content => 'type nat hook postrouting priority 100'; |
||
| 61 | 'POSTROUTING6-policy': |
||
| 62 | table => 'ip6-nat', |
||
| 63 | c8092701 | tr | order => '02', |
| 64 | content => 'policy accept'; |
||
| 65 | } |
||
| 66 | } |