Revision 5933ab8e

ID 5933ab8e0151e73e75b1f629f752b917c0888a52
Parent a6064b9f
Child 050f1005

Added by tr over 4 years ago

Set NAT only for IPv4

View differences:

files/config/puppet-ip-nat.nft
1
table nat {
2
  include "/etc/nftables/puppet/nat-chains-*.nft"
1
table ip nat {
2
  include "/etc/nftables/puppet/ip-nat-chains-*.nft"
3 3

  
4 4
  chain PREROUTING {
5 5
    type nat hook prerouting priority 0
6 6
    policy accept
7 7

  
8
    include "/etc/nftables/puppet/nat-chain-prerouting-*.nft"
8
    include "/etc/nftables/puppet/ip-nat-chain-prerouting-*.nft"
9 9
  }
10 10
  chain INPUT {
11 11
    type nat hook input priority 100
12 12
    policy accept
13 13

  
14
    include "/etc/nftables/puppet/nat-chain-input-*.nft"
14
    include "/etc/nftables/puppet/ip-nat-chain-input-*.nft"
15 15
  }
16 16
  chain OUTPUT {
17 17
    type nat hook output priority 0
18 18
    policy accept
19 19

  
20
    include "/etc/nftables/puppet/nat-chain-output-*.nft"
20
    include "/etc/nftables/puppet/ip-nat-chain-output-*.nft"
21 21
  }
22 22

  
23 23
  chain POSTROUTING {
24 24
    type nat hook postrouting priority 100
25 25
    policy accept
26 26

  
27
    include "/etc/nftables/puppet/nat-chain-postrouting-*.nft"
27
    include "/etc/nftables/puppet/ip-nat-chain-postrouting-*.nft"
28 28
  }
29 29
}
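Review bot: The five include globs (line 2 and lines 8, 14, 20 and 27) move from the nat- prefix to ip-nat-, and since nft does not treat a wildcard include with no matches as an error, any fragment still written under an old name such as nat-chain-prerouting-*.nft will silently drop out of the ruleset. Please confirm that every producer of these fragments is renamed in the same change and that the old files are purged. Note also that `table nat` without a family keyword already resolves to the ip family in nft, so the table itself is unchanged; a short comment at the top stating that this table is deliberately IPv4-only would record the intent from the commit title in the file.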
files/config/puppet.nft
3 3

  
4 4
include "/etc/nftables/puppet/custom-*.nft"
5 5
include "/etc/nftables/puppet/filter.nft"
6
include "/etc/nftables/puppet/nat.nft"
6
include "/etc/nftables/puppet/ip-nat.nft"
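Review bot: Line 6 is a non-wildcard include, so unlike the custom-*.nft glob on line 4, nft aborts the load if /etc/nftables/puppet/ip-nat.nft is not yet on disk. Make sure the resource that writes ip-nat.nft is ordered before anything that reloads puppet.nft, and that the old /etc/nftables/puppet/nat.nft is removed rather than left behind as an unreferenced file.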
manifests/init.pp
34 34
  nftables::config{
35 35
    'filter':
36 36
      source => 'puppet:///modules/nftables/config/puppet-filter.nft';
37
    'nat':
38
      source => 'puppet:///modules/nftables/config/puppet-nat.nft';
37
    'ip-nat':
38
      source => 'puppet:///modules/nftables/config/puppet-ip-nat.nft';
39 39
  }
40 40

  
41 41
  nftables::filter::chain{
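Review bot: Renaming the resource title on line 37 from 'nat' to 'ip-nat' means Puppet stops managing the old 'nat' config, and nothing in this hunk sets it absent, so whatever it deployed earlier stays on existing nodes unless the target directory is purged. Any require, notify or collector elsewhere that refers to Nftables::Config['nat'] will also stop resolving; a grep for the old title before merging is worthwhile.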
