root / manifests / ip_nat.pp @ 18ec6f48
Historique | Voir | Annoter | Télécharger (1,53 ko)
| 1 |
# manage basic chains in table ip nat |
|---|---|
| 2 |
class nftables::ip_nat inherits nftables {
|
| 3 |
|
| 4 |
nftables::config{
|
| 5 |
'ip-nat': |
| 6 |
source => 'puppet:///modules/nftables/config/puppet-ip-nat.nft'; |
| 7 |
'ip6-nat': |
| 8 |
source => 'puppet:///modules/nftables/config/puppet-ip6-nat.nft'; |
| 9 |
} |
| 10 |
|
| 11 |
nftables::chain{
|
| 12 |
[ |
| 13 |
'PREROUTING', |
| 14 |
'POSTROUTING', |
| 15 |
]: |
| 16 |
table => 'ip-nat'; |
| 17 |
} |
| 18 |
|
| 19 |
nftables::chain{
|
| 20 |
[ |
| 21 |
'PREROUTING6', |
| 22 |
'POSTROUTING6', |
| 23 |
]: |
| 24 |
table => 'ip6-nat'; |
| 25 |
} |
| 26 |
|
| 27 |
# ip-nat-chain-PREROUTING |
| 28 |
nftables::rule{
|
| 29 |
'PREROUTING-type': |
| 30 |
table => 'ip-nat', |
| 31 |
order => '01', |
| 32 |
content => 'type nat hook prerouting priority -100'; |
| 33 |
'PREROUTING-policy': |
| 34 |
table => 'ip-nat', |
| 35 |
order => '02', |
| 36 |
content => 'policy accept'; |
| 37 |
'PREROUTING6-type': |
| 38 |
table => 'ip6-nat', |
| 39 |
order => '01', |
| 40 |
content => 'type nat hook prerouting priority -100'; |
| 41 |
'PREROUTING6-policy': |
| 42 |
table => 'ip6-nat', |
| 43 |
order => '02', |
| 44 |
content => 'policy accept'; |
| 45 |
} |
| 46 |
|
| 47 |
# ip-nat-chain-POSTROUTING |
| 48 |
nftables::rule{
|
| 49 |
'POSTROUTING-type': |
| 50 |
table => 'ip-nat', |
| 51 |
order => '01', |
| 52 |
content => 'type nat hook postrouting priority 100'; |
| 53 |
'POSTROUTING-policy': |
| 54 |
table => 'ip-nat', |
| 55 |
order => '02', |
| 56 |
content => 'policy accept'; |
| 57 |
'POSTROUTING6-type': |
| 58 |
table => 'ip6-nat', |
| 59 |
order => '01', |
| 60 |
content => 'type nat hook postrouting priority 100'; |
| 61 |
'POSTROUTING6-policy': |
| 62 |
table => 'ip6-nat', |
| 63 |
order => '02', |
| 64 |
content => 'policy accept'; |
| 65 |
} |
| 66 |
} |