Projet

Général

Profil

Révision 248ef9d5

ID248ef9d51e38fe8bd1453ba7cd874736d842cdbd
Parent 579e27df
Enfant e105f149

Ajouté par tr il y a plus de 4 ans

Add basic ip6 nat chains

Voir les différences:

manifests/ip_nat.pp
4 4 
  nftables::config{
5 5 
    'ip-nat':
6 6 
      source => 'puppet:///modules/nftables/config/puppet-ip-nat.nft';
7 
    'ip6-nat':
8 
      source => 'puppet:///modules/nftables/config/puppet-ip6-nat.nft';
7 9 
  }
8 10 

  		




  9
  11
  
    
  nftables::chain{


  		




  ......




  14
  16
  
    
      table => 'ip-nat';


  		




  15
  17
  
    
  }


  		




  16
  18
  
    

  		




  
  19
  
    
  nftables::chain{


  		




  
  20
  
    
    [


  		




  
  21
  
    
      'PREROUTING6',


  		




  
  22
  
    
      'POSTROUTING6',


  		




  
  23
  
    
    ]:


  		




  
  24
  
    
      table => 'ip6-nat';


  		




  
  25
  
    
  }


  		




  
  26
  
    

  		




  17
  27
  
    
  # ip-nat-chain-PREROUTING


  		




  18
  28
  
    
  nftables::rule{


  		




  19
  
  
    
    default:


  		




  20
  
  
    
      table   => 'ip-nat';


  		




  21
  29
  
    
    'PREROUTING-type':


  		




  
  30
  
    
      table   => 'ip-nat',


  		




  22
  31
  
    
      order   => '01',


  		




  23
  32
  
    
      content => 'type nat hook prerouting priority -100';


  		




  24
  33
  
    
    'PREROUTING-policy':


  		




  
  34
  
    
      table   => 'ip-nat',


  		




  
  35
  
    
      order   => '02',


  		




  
  36
  
    
      content => 'policy accept';


  		




  
  37
  
    
    'PREROUTING6-type':


  		




  
  38
  
    
      table   => 'ip6-nat',


  		




  
  39
  
    
      order   => '01',


  		




  
  40
  
    
      content => 'type nat hook prerouting priority -100';


  		




  
  41
  
    
    'PREROUTING6-policy':


  		




  
  42
  
    
      table   => 'ip6-nat',


  		




  25
  43
  
    
      order   => '02',


  		




  26
  44
  
    
      content => 'policy accept';


  		




  27
  45
  
    
  }


  		




  28
  46
  
    

  		




  29
  47
  
    
  # ip-nat-chain-POSTROUTING


  		




  30
  48
  
    
  nftables::rule{


  		




  31
  
  
    
    default:


  		




  32
  
  
    
      table   => 'ip-nat';


  		




  33
  49
  
    
    'POSTROUTING-type':


  		




  
  50
  
    
      table   => 'ip-nat',


  		




  34
  51
  
    
      order   => '01',


  		




  35
  52
  
    
      content => 'type nat hook postrouting priority 100';


  		




  36
  53
  
    
    'POSTROUTING-policy':


  		




  
  54
  
    
      table   => 'ip-nat',


  		




  
  55
  
    
      order   => '02',


  		




  
  56
  
    
      content => 'policy accept';


  		




  
  57
  
    
    'POSTROUTING6-type':


  		




  
  58
  
    
      table   => 'ip6-nat',


  		




  
  59
  
    
      order   => '01',


  		




  
  60
  
    
      content => 'type nat hook postrouting priority 100';


  		




  
  61
  
    
    'POSTROUTING6-policy':


  		




  
  62
  
    
      table   => 'ip6-nat',


  		




  37
  63
  
    
      order   => '02',


  		




  38
  64
  
    
      content => 'policy accept';


  		




  39
  65
  
    
  }


  		












Formats disponibles :  Unified diff