root / manifests / ip_nat.pp @ 8842a597
Historique | Voir | Annoter | Télécharger (1,72 ko)
| 1 | c8092701 | tr | # manage basic chains in table ip nat |
|---|---|---|---|
| 2 | class nftables::ip_nat inherits nftables {
|
||
| 3 | 948ebc98 | Nacho Barrientos | nftables::config {
|
| 4 | fcb79d73 | Ben Morrice | "ip-${nftables::nat_table_name}":
|
| 5 | 948ebc98 | Nacho Barrientos | prefix => ''; |
| 6 | fcb79d73 | Ben Morrice | "ip6-${nftables::nat_table_name}":
|
| 7 | 948ebc98 | Nacho Barrientos | prefix => ''; |
| 8 | } |
||
| 9 | c8092701 | tr | |
| 10 | 11bf7237 | Steve Traylen | nftables::chain {
|
| 11 | c8092701 | tr | [ |
| 12 | 'PREROUTING', |
||
| 13 | 'POSTROUTING', |
||
| 14 | ]: |
||
| 15 | fcb79d73 | Ben Morrice | table => "ip-${nftables::nat_table_name}";
|
| 16 | c8092701 | tr | } |
| 17 | |||
| 18 | 11bf7237 | Steve Traylen | nftables::chain {
|
| 19 | 248ef9d5 | tr | [ |
| 20 | 'PREROUTING6', |
||
| 21 | 'POSTROUTING6', |
||
| 22 | ]: |
||
| 23 | fcb79d73 | Ben Morrice | table => "ip6-${nftables::nat_table_name}";
|
| 24 | 248ef9d5 | tr | } |
| 25 | |||
| 26 | c8092701 | tr | # ip-nat-chain-PREROUTING |
| 27 | 11bf7237 | Steve Traylen | nftables::rule {
|
| 28 | c8092701 | tr | 'PREROUTING-type': |
| 29 | fcb79d73 | Ben Morrice | table => "ip-${nftables::nat_table_name}",
|
| 30 | c8092701 | tr | order => '01', |
| 31 | content => 'type nat hook prerouting priority -100'; |
||
| 32 | 'PREROUTING-policy': |
||
| 33 | fcb79d73 | Ben Morrice | table => "ip-${nftables::nat_table_name}",
|
| 34 | 248ef9d5 | tr | order => '02', |
| 35 | content => 'policy accept'; |
||
| 36 | 'PREROUTING6-type': |
||
| 37 | fcb79d73 | Ben Morrice | table => "ip6-${nftables::nat_table_name}",
|
| 38 | 248ef9d5 | tr | order => '01', |
| 39 | content => 'type nat hook prerouting priority -100'; |
||
| 40 | 'PREROUTING6-policy': |
||
| 41 | fcb79d73 | Ben Morrice | table => "ip6-${nftables::nat_table_name}",
|
| 42 | c8092701 | tr | order => '02', |
| 43 | content => 'policy accept'; |
||
| 44 | } |
||
| 45 | |||
| 46 | # ip-nat-chain-POSTROUTING |
||
| 47 | 11bf7237 | Steve Traylen | nftables::rule {
|
| 48 | c8092701 | tr | 'POSTROUTING-type': |
| 49 | fcb79d73 | Ben Morrice | table => "ip-${nftables::nat_table_name}",
|
| 50 | c8092701 | tr | order => '01', |
| 51 | content => 'type nat hook postrouting priority 100'; |
||
| 52 | 'POSTROUTING-policy': |
||
| 53 | fcb79d73 | Ben Morrice | table => "ip-${nftables::nat_table_name}",
|
| 54 | 248ef9d5 | tr | order => '02', |
| 55 | content => 'policy accept'; |
||
| 56 | 'POSTROUTING6-type': |
||
| 57 | fcb79d73 | Ben Morrice | table => "ip6-${nftables::nat_table_name}",
|
| 58 | 248ef9d5 | tr | order => '01', |
| 59 | content => 'type nat hook postrouting priority 100'; |
||
| 60 | 'POSTROUTING6-policy': |
||
| 61 | fcb79d73 | Ben Morrice | table => "ip6-${nftables::nat_table_name}",
|
| 62 | c8092701 | tr | order => '02', |
| 63 | content => 'policy accept'; |
||
| 64 | } |
||
| 65 | } |