Révision fcb79d73
support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall
rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid
namespace conflicts
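--- a/spec/classes/ip_nat_spec.rb
+++ b/spec/classes/ip_nat_spec.rb
@@ -237,6 +237,25 @@
 }
 end
 
+context 'custom ip nat table name' do
+let(:params) do
+{
+'nat_table_name' => 'mycustomtablename',
+}
+end
+
+it { is_expected.to compile }
+it {
+is_expected.to contain_concat('nftables-ip-mycustomtablename').with(
+path: '/etc/nftables/puppet-preflight/ip-mycustomtablename.nft',
+ensure: 'present',
+owner: 'root',
+group: 'root',
+mode: '0640',
+)
+}
+end
+
 context 'all nat tables disabled' do
 let(:params) do
 {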
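Review bot: The new `custom ip nat table name` context only exercises a benign alphanumeric value, although `nat_table_name` visibly ends up in both the concat title and the root-owned path `/etc/nftables/puppet-preflight/ip-mycustomtablename.nft`. Nothing in this spec pins what happens when the name contains `/`, `..`, whitespace or nft syntax characters. The class parameter is presumably typed to reject these, but the manifest is not shown here, so a negative case would lock that in: `let(:params) { { 'nat_table_name' => 'bad/name' } }` with `it { is_expected.not_to compile }`. It would also help to assert that the concat for the default `nat` name is absent from the catalogue when a custom name is set, so both tables cannot be declared at once. The enclosing describe block starts and ends outside this hunk.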