Révision fcb79d73
support a different table name for 'nat'
- Some applications (such as libvirt) still use iptables to inject firewall
rules
- iptables will refuse to update tables that were initially created with nft
- This commit allows defining the name of the 'nat' table in order to avoid
namespace conflicts
| templates/config/puppet.nft.epp | ||
|---|---|---|
| 26 | 26 |
include "inet-filter.nft" |
| 27 | 27 |
<% } -%> |
| 28 | 28 |
<% if $nat { -%>
|
| 29 |
include "ip-nat.nft"
|
|
| 30 |
include "ip6-nat.nft"
|
|
| 29 |
include "ip-<%= $nftables::nat_table_name %>.nft"
|
|
| 30 |
include "ip6-<%= $nftables::nat_table_name %>.nft"
|
|
| 31 | 31 |
<% } -%> |
Formats disponibles : Unified diff