library/roles/iptables/templates/iptables-rules.v4.j2: fix the template so that it manages NAT correctly.

2016-06-11 16:56:12 +02:00 · 2016-06-11 16:56:12 +02:00 · b465587c3c
parent 1dbe0c9209
commit b465587c3c
1 changed files with 9 additions and 2 deletions
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@ -252,14 +252,21 @@
 {% else %}
 # NAT is enabled, we need to accept traffic that is forwarded
 -A FORWARD -j ACCEPT
+{% endif %}
+COMMIT
+{% if iptables_nat_enabled %}
 # NAT rules
 *nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
 {% if iptables_nat_specify_interfaces %}
-{% for int in iptables_nat_interface %}
+{% for int in iptables_nat_interfaces %}
 -A POSTROUTING -o {{ int }} -j MASQUERADE
 {% endfor %}
 {% else %}
 -A POSTROUTING  -j MASQUERADE
 {% endif %}
-
 COMMIT
+{% endif %}