Révision fcb79d73
support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall
rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid
namespace conflicts
| manifests/rules/snat4.pp | ||
|---|---|---|
| 38 | 38 |
nftables::rule {
|
| 39 | 39 |
"${chain}-${rulename}":
|
| 40 | 40 |
ensure => $ensure, |
| 41 |
table => 'ip-nat',
|
|
| 41 |
table => "ip-${nftables::nat_table_name}",
|
|
| 42 | 42 |
order => $order, |
| 43 | 43 |
content => "${oifname}${src}${protocol}${port}snat ${snat}";
|
| 44 | 44 |
} |
Formats disponibles : Unified diff