Révision fcb79d73
support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall
rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid
namespace conflicts
| manifests/rules/dnat4.pp | ||
|---|---|---|
| 32 | 32 |
"${chain}-${rulename}":
|
| 33 | 33 |
content => "${iifname}ip daddr ${daddr} ${proto} dport ${filter_port} accept";
|
| 34 | 34 |
"PREROUTING-${rulename}":
|
| 35 |
table => 'ip-nat',
|
|
| 35 |
table => "ip-${nftables::nat_table_name}",
|
|
| 36 | 36 |
content => "${iifname}${proto} dport ${port} dnat to ${daddr}${nat_port}";
|
| 37 | 37 |
} |
| 38 | 38 |
} |
Formats disponibles : Unified diff