root / manifests / ip_nat.pp @ ce22630b
Historique | Voir | Annoter | Télécharger (1,54 ko)
| 1 | c8092701 | tr | # manage basic chains in table ip nat |
|---|---|---|---|
| 2 | class nftables::ip_nat inherits nftables {
|
||
| 3 | 11bf7237 | Steve Traylen | nftables::config {
|
| 4 | c8092701 | tr | 'ip-nat': |
| 5 | source => 'puppet:///modules/nftables/config/puppet-ip-nat.nft'; |
||
| 6 | 248ef9d5 | tr | 'ip6-nat': |
| 7 | source => 'puppet:///modules/nftables/config/puppet-ip6-nat.nft'; |
||
| 8 | c8092701 | tr | } |
| 9 | |||
| 10 | 11bf7237 | Steve Traylen | nftables::chain {
|
| 11 | c8092701 | tr | [ |
| 12 | 'PREROUTING', |
||
| 13 | 'POSTROUTING', |
||
| 14 | ]: |
||
| 15 | table => 'ip-nat'; |
||
| 16 | } |
||
| 17 | |||
| 18 | 11bf7237 | Steve Traylen | nftables::chain {
|
| 19 | 248ef9d5 | tr | [ |
| 20 | 'PREROUTING6', |
||
| 21 | 'POSTROUTING6', |
||
| 22 | ]: |
||
| 23 | table => 'ip6-nat'; |
||
| 24 | } |
||
| 25 | |||
| 26 | c8092701 | tr | # ip-nat-chain-PREROUTING |
| 27 | 11bf7237 | Steve Traylen | nftables::rule {
|
| 28 | c8092701 | tr | 'PREROUTING-type': |
| 29 | 248ef9d5 | tr | table => 'ip-nat', |
| 30 | c8092701 | tr | order => '01', |
| 31 | content => 'type nat hook prerouting priority -100'; |
||
| 32 | 'PREROUTING-policy': |
||
| 33 | 248ef9d5 | tr | table => 'ip-nat', |
| 34 | order => '02', |
||
| 35 | content => 'policy accept'; |
||
| 36 | 'PREROUTING6-type': |
||
| 37 | table => 'ip6-nat', |
||
| 38 | order => '01', |
||
| 39 | content => 'type nat hook prerouting priority -100'; |
||
| 40 | 'PREROUTING6-policy': |
||
| 41 | table => 'ip6-nat', |
||
| 42 | c8092701 | tr | order => '02', |
| 43 | content => 'policy accept'; |
||
| 44 | } |
||
| 45 | |||
| 46 | # ip-nat-chain-POSTROUTING |
||
| 47 | 11bf7237 | Steve Traylen | nftables::rule {
|
| 48 | c8092701 | tr | 'POSTROUTING-type': |
| 49 | 248ef9d5 | tr | table => 'ip-nat', |
| 50 | c8092701 | tr | order => '01', |
| 51 | content => 'type nat hook postrouting priority 100'; |
||
| 52 | 'POSTROUTING-policy': |
||
| 53 | 248ef9d5 | tr | table => 'ip-nat', |
| 54 | order => '02', |
||
| 55 | content => 'policy accept'; |
||
| 56 | 'POSTROUTING6-type': |
||
| 57 | table => 'ip6-nat', |
||
| 58 | order => '01', |
||
| 59 | content => 'type nat hook postrouting priority 100'; |
||
| 60 | 'POSTROUTING6-policy': |
||
| 61 | table => 'ip6-nat', |
||
| 62 | c8092701 | tr | order => '02', |
| 63 | content => 'policy accept'; |
||
| 64 | } |
||
| 65 | } |