
root / manifests / ip_nat.pp @ d7d6d5d3


# Manage the base NAT chains for IPv4 and IPv6.
#
# Declares two tables named "ip-<nat_table_name>" and "ip6-<nat_table_name>"
# (the name comes from $nftables::nat_table_name), a prerouting and a
# postrouting chain in each, and the two header lines of every chain: its
# "type nat hook ..." line and its policy.
#
# Only chain headers are declared here; this class adds no dnat, snat or
# masquerade statements. All four chains use "policy accept", so a packet that
# matches no NAT rule continues untranslated. Nothing in this class drops
# traffic: packet filtering has to be provided by a filter table declared
# elsewhere.
class nftables::ip_nat inherits nftables {
  # One config resource per address family. prefix is set to the empty string
  # for both; what the default would be is not visible here, see
  # nftables::config.
  nftables::config { "ip-${nftables::nat_table_name}":
    prefix => '',
  }

  nftables::config { "ip6-${nftables::nat_table_name}":
    prefix => '',
  }

  # IPv4 NAT chains.
  nftables::chain { ['PREROUTING', 'POSTROUTING']:
    table => "ip-${nftables::nat_table_name}",
  }

  # IPv6 NAT chains; the chain names carry a "6" suffix and live in the ip6 table.
  nftables::chain { ['PREROUTING6', 'POSTROUTING6']:
    table => "ip6-${nftables::nat_table_name}",
  }

  # NOTE(review): the rule titles below look like "<chain>-<name>", so
  # nftables::rule presumably takes the chain from the title, and order
  # presumably places the "type" line ('01') before the "policy" line ('02').
  # Confirm both against the nftables::rule definition.

  # Prerouting header lines. Priority -100 is the value nftables names dstnat.
  nftables::rule { 'PREROUTING-type':
    table   => "ip-${nftables::nat_table_name}",
    order   => '01',
    content => 'type nat hook prerouting priority -100',
  }

  nftables::rule { 'PREROUTING-policy':
    table   => "ip-${nftables::nat_table_name}",
    order   => '02',
    content => 'policy accept',
  }

  nftables::rule { 'PREROUTING6-type':
    table   => "ip6-${nftables::nat_table_name}",
    order   => '01',
    content => 'type nat hook prerouting priority -100',
  }

  nftables::rule { 'PREROUTING6-policy':
    table   => "ip6-${nftables::nat_table_name}",
    order   => '02',
    content => 'policy accept',
  }

  # Postrouting header lines. Priority 100 is the value nftables names srcnat.
  nftables::rule { 'POSTROUTING-type':
    table   => "ip-${nftables::nat_table_name}",
    order   => '01',
    content => 'type nat hook postrouting priority 100',
  }

  nftables::rule { 'POSTROUTING-policy':
    table   => "ip-${nftables::nat_table_name}",
    order   => '02',
    content => 'policy accept',
  }

  nftables::rule { 'POSTROUTING6-type':
    table   => "ip6-${nftables::nat_table_name}",
    order   => '01',
    content => 'type nat hook postrouting priority 100',
  }

  nftables::rule { 'POSTROUTING6-policy':
    table   => "ip6-${nftables::nat_table_name}",
    order   => '02',
    content => 'policy accept',
  }
}