Révision fcb79d73
support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall
rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid
namespace conflicts
| manifests/rules/masquerade.pp | ||
|---|---|---|
| 42 | 42 |
nftables::rule {
|
| 43 | 43 |
"${chain}-${rulename}":
|
| 44 | 44 |
ensure => $ensure, |
| 45 |
table => 'ip-nat',
|
|
| 45 |
table => "ip-${nftables::nat_table_name}",
|
|
| 46 | 46 |
order => $order, |
| 47 | 47 |
content => "${oifname}${src}${dst}${protocol}${port}masquerade";
|
| 48 | 48 |
} |
Formats disponibles : Unified diff