Merge branch 'master' of adellam/ansible-roles into master

library/roles/iptables/defaults/main.yml

@@ -46,6 +46,7 @@ iptables_deb_pkgs:
 iptables_default_policy: ACCEPT
 iptables_nat_enabled: False
 iptables_nat_specify_interfaces: True
+iptables_post_nat_enabled: False
 iptables_nat_interfaces:
   - '{{ ansible_default_ipv4.interface }}'
 iptables_input_default_policy: '{{ iptables_default_policy }}'

library/roles/iptables/templates/iptables-rules.v4.j2

@@ -345,6 +345,7 @@
 {% endif %}
 COMMIT
 {% if iptables_nat_enabled %}
+# This should be obsoleted
 # NAT rules
 *nat
 :PREROUTING ACCEPT [0:0]
@@ -360,3 +361,17 @@ COMMIT
 {% endif %}
 COMMIT
 {% endif %}
+
+{% if iptables_post_nat_enabled %}
+# NAT rules
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+{% for rule in iptables_nat_rules %}
+-A POSTROUTING {{ rule.options }} -j {{ rule.action | default('MASQUERADE') }}
+{% endfor %}
+COMMIT
+{% endif %}
+