Commit 58535486 authored by m.pausch's avatar m.pausch

Make nat rules optional

parent 3dec5515
......@@ -11,13 +11,19 @@ default['sys']['firewall']['defaults']['policy'] = {
}
default['sys']['firewall']['defaults']['ruleset'] = {
'add table inet filter' => 1,
'add table ip6 nat' => 1,
'add table ip nat' => 1,
"add chain inet filter input { type filter hook input priority 0 ; policy #{node['sys']['firewall']['defaults']['policy']['input']}; }" => 2,
"add chain inet filter output { type filter hook output priority 0 ; policy #{node['sys']['firewall']['defaults']['policy']['output']}; }" => 2,
"add chain inet filter foward { type filter hook forward priority 0 ; policy #{node['sys']['firewall']['defaults']['policy']['forward']}; }" => 2,
'add chain ip nat postrouting { type nat hook postrouting priority 100 ;}' => 2,
'add chain ip nat prerouting { type nat hook prerouting priority -100 ;}' => 2,
'add chain ip6 nat postrouting { type nat hook postrouting priority 100 ;}' => 2,
'add chain ip6 nat prerouting { type nat hook prerouting priority -100 ;}' => 2,
"add chain inet filter forward { type filter hook forward priority 0 ; policy #{node['sys']['firewall']['defaults']['policy']['forward']}; }" => 2,
}
if node['sys']['firewall']['table_ip_nat']
default['sys']['firewall']['defaults']['ruleset']['add table ip nat'] = 1
default['sys']['firewall']['defaults']['ruleset']['add chain ip nat postrouting { type nat hook postrouting priority 100 ;}'] = 2
default['sys']['firewall']['defaults']['ruleset']['add chain ip nat prerouting { type nat hook prerouting priority -100 ;}'] = 2
end
if node['sys']['firewall']['table_ip6_nat']
default['sys']['firewall']['defaults']['ruleset']['add table ip6 nat'] = 1
default['sys']['firewall']['defaults']['ruleset']['add chain ip6 nat postrouting { type nat hook postrouting priority 100 ;}'] = 2
default['sys']['firewall']['defaults']['ruleset']['add chain ip6 nat prerouting { type nat hook prerouting priority -100 ;}'] = 2
end
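Review bot: The new guards `if node['sys']['firewall']['table_ip_nat']` and `if node['sys']['firewall']['table_ip6_nat']` read flags that have no default declared anywhere in this hunk. On any node that does not set them, the nat tables and their prerouting/postrouting chains drop out of the default ruleset, which is a behaviour change shipped as a patch bump. Rules defined elsewhere that still target `ip nat` or `ip6 nat` chains would then reference a missing table; how a failed load affects the filter policy is not visible here and is worth confirming. Because the check runs when the attribute file is loaded, a flag set later (in a recipe, or possibly in another cookbook's attribute file) may not be seen, and any value other than `nil`/`false`, including the string `'false'`, enables NAT. I would declare `default['sys']['firewall']['table_ip_nat'] = false` and `default['sys']['firewall']['table_ip6_nat'] = false` above the guards, with a comment saying the flags must be real booleans set at role, environment or node level.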
......@@ -16,4 +16,4 @@ supports 'debian'
depends 'line', '< 1.0'
depends 'chef-vault'
version '1.65.1'
version '1.65.2'