tpiccioli
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

library/roles/iptables/templates/iptables-rules.v4.j2: fix the template so that it manages NAT correctly.

This commit is contained in:
Andrea Dell'Amico 2016-06-11 16:56:12 +02:00
parent 1dbe0c9209
commit b465587c3c
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
iptables/templates/iptables-rules.v4.j2
View File

@ -252,14 +252,21 @@
{% else %} {% else %}
# NAT is enabled, we need to accept traffic that is forwarded # NAT is enabled, we need to accept traffic that is forwarded
-A FORWARD -j ACCEPT -A FORWARD -j ACCEPT
{% endif %}
COMMIT
{% if iptables_nat_enabled %}
# NAT rules # NAT rules
*nat *nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
{% if iptables_nat_specify_interfaces %} {% if iptables_nat_specify_interfaces %}
{% for int in iptables_nat_interface %} {% for int in iptables_nat_interfaces %}
-A POSTROUTING -o {{ int }} -j MASQUERADE -A POSTROUTING -o {{ int }} -j MASQUERADE
{% endfor %} {% endfor %}
{% else %} {% else %}
-A POSTROUTING -j MASQUERADE -A POSTROUTING -j MASQUERADE
{% endif %} {% endif %}
COMMIT COMMIT
{% endif %}