/manifests/ip_nat.pp - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / manifests / ip_nat.pp @ 948ebc98

1	c8092701	tr	# manage basic chains in table ip nat
2			class nftables::ip_nat inherits nftables {
3	948ebc98	Nacho Barrientos	nftables::config {
4			'ip-nat':
5			prefix => '';
6			'ip6-nat':
7			prefix => '';
8			}
9	c8092701	tr
10	11bf7237	Steve Traylen	nftables::chain {
11	c8092701	tr	[
12			'PREROUTING',
13			'POSTROUTING',
14			]:
15			table => 'ip-nat';
16			}
17
18	11bf7237	Steve Traylen	nftables::chain {
19	248ef9d5	tr	[
20			'PREROUTING6',
21			'POSTROUTING6',
22			]:
23			table => 'ip6-nat';
24			}
25
26	c8092701	tr	# ip-nat-chain-PREROUTING
27	11bf7237	Steve Traylen	nftables::rule {
28	c8092701	tr	'PREROUTING-type':
29	248ef9d5	tr	table => 'ip-nat',
30	c8092701	tr	order => '01',
31			content => 'type nat hook prerouting priority -100';
32			'PREROUTING-policy':
33	248ef9d5	tr	table => 'ip-nat',
34			order => '02',
35			content => 'policy accept';
36			'PREROUTING6-type':
37			table => 'ip6-nat',
38			order => '01',
39			content => 'type nat hook prerouting priority -100';
40			'PREROUTING6-policy':
41			table => 'ip6-nat',
42	c8092701	tr	order => '02',
43			content => 'policy accept';
44			}
45
46			# ip-nat-chain-POSTROUTING
47	11bf7237	Steve Traylen	nftables::rule {
48	c8092701	tr	'POSTROUTING-type':
49	248ef9d5	tr	table => 'ip-nat',
50	c8092701	tr	order => '01',
51			content => 'type nat hook postrouting priority 100';
52			'POSTROUTING-policy':
53	248ef9d5	tr	table => 'ip-nat',
54			order => '02',
55			content => 'policy accept';
56			'POSTROUTING6-type':
57			table => 'ip6-nat',
58			order => '01',
59			content => 'type nat hook postrouting priority 100';
60			'POSTROUTING6-policy':
61			table => 'ip6-nat',
62	c8092701	tr	order => '02',
63			content => 'policy accept';
64			}
65			}