root / manifests / rules / podman.pp @ e846c98b
Historique | Voir | Annoter | Télécharger (633 octets)
| 1 | 08b9f1d0 | Steve Traylen | # @summary |
|---|---|---|---|
| 2 | # Rules for Podman, a tool for managing OCI containers and pods. |
||
| 3 | # This class defines additional forwarding rules to let root containers |
||
| 4 | # reach external networks when using Netavark (since v4.0) or CNI (deprecated). |
||
| 5 | # At the time of writing, Podman supports automatic configuration |
||
| 6 | # of firewall rules with iptables and firewalld only. |
||
| 7 | # |
||
| 8 | class nftables::rules::podman {
|
||
| 9 | nftables::rule {
|
||
| 10 | 'default_fwd-podman_establised': |
||
| 11 | content => 'ip daddr 10.88.0.0/16 ct state related,established accept', |
||
| 12 | } |
||
| 13 | nftables::rule {
|
||
| 14 | 'default_fwd-podman_accept': |
||
| 15 | content => 'ip saddr 10.88.0.0/16 accept', |
||
| 16 | } |
||
| 17 | } |