
root / manifests / ip_nat.pp @ fcb1d356


# @summary Declares the base NAT chains for the 'ip-nat' and 'ip6-nat' tables.
#
# For each of the two tables this class declares a prerouting and a
# postrouting chain, then gives each chain two rule fragments: a hook
# definition (order '01') and a default policy (order '02').
#
# Security note: every chain declared here carries 'policy accept'. These
# chains only host address translation; they never drop traffic themselves,
# so packet filtering has to be enforced elsewhere in the ruleset.
#
# NOTE(review): how nftables::config, nftables::chain and nftables::rule
# render these declarations is defined outside this file. The 'order'
# values presumably sort the fragments inside each chain; confirm there.
class nftables::ip_nat inherits nftables {
  # One config resource per NAT table (IPv4 and IPv6).
  nftables::config { ['ip-nat', 'ip6-nat']: }

  # Chain containers: two per table. The IPv6 chain names carry a '6' suffix.
  nftables::chain {
    ['PREROUTING', 'POSTROUTING']:
      table => 'ip-nat';
    ['PREROUTING6', 'POSTROUTING6']:
      table => 'ip6-nat';
  }

  # Hook definitions and policies for the IPv4 table.
  # Priority -100 on prerouting and 100 on postrouting are the conventional
  # nftables priorities for destination NAT and source NAT respectively.
  nftables::rule {
    'PREROUTING-type':
      table   => 'ip-nat',
      order   => '01',
      content => 'type nat hook prerouting priority -100';
    'PREROUTING-policy':
      table   => 'ip-nat',
      order   => '02',
      content => 'policy accept';
    'POSTROUTING-type':
      table   => 'ip-nat',
      order   => '01',
      content => 'type nat hook postrouting priority 100';
    'POSTROUTING-policy':
      table   => 'ip-nat',
      order   => '02',
      content => 'policy accept';
  }

  # Same hooks, priorities and policies for the IPv6 table.
  nftables::rule {
    'PREROUTING6-type':
      table   => 'ip6-nat',
      order   => '01',
      content => 'type nat hook prerouting priority -100';
    'PREROUTING6-policy':
      table   => 'ip6-nat',
      order   => '02',
      content => 'policy accept';
    'POSTROUTING6-type':
      table   => 'ip6-nat',
      order   => '01',
      content => 'type nat hook postrouting priority 100';
    'POSTROUTING6-policy':
      table   => 'ip6-nat',
      order   => '02',
      content => 'policy accept';
  }
}