root / manifests / rules / podman.pp @ 5dedf86c
Historique | Voir | Annoter | Télécharger (633 octets)
| 1 |
# @summary |
|---|---|
| 2 |
# Rules for Podman, a tool for managing OCI containers and pods. |
| 3 |
# This class defines additional forwarding rules to let root containers |
| 4 |
# reach external networks when using Netavark (since v4.0) or CNI (deprecated). |
| 5 |
# At the time of writing, Podman supports automatic configuration |
| 6 |
# of firewall rules with iptables and firewalld only. |
| 7 |
# |
| 8 |
class nftables::rules::podman {
|
| 9 |
nftables::rule {
|
| 10 |
'default_fwd-podman_establised': |
| 11 |
content => 'ip daddr 10.88.0.0/16 ct state related,established accept', |
| 12 |
} |
| 13 |
nftables::rule {
|
| 14 |
'default_fwd-podman_accept': |
| 15 |
content => 'ip saddr 10.88.0.0/16 accept', |
| 16 |
} |
| 17 |
} |