Allow for 1:1 NAT. Ignore addresses if undefined

root 2019-04-25 13:41:15 -07:00
parent 4cb23eb19f
commit 9e1afc2731
2 changed files with 11 additions and 5 deletions


@ -31,8 +31,14 @@ function start() {
done
for rule_def in $FORWARDS ; do
IFS=, read -r ip proto port destination <<< "$rule_def"
iptables -t nat -A customfirewall_prerouting -d $ip -p $proto --dport $port -j DNAT --to-destination $destination
IFS=, read -r ip destination proto port <<< "$rule_def"
if [ -n "$proto" ] ; then
proto_opts="-p $proto"
if [ -n "$port" ] ; then
proto_opts="$proto_opts --dport $port"
fi
fi
iptables -t nat -A customfirewall_prerouting -d $ip $proto_opts -j DNAT --to-destination $destination
done
for ip in $(get_destination_ips) ; do
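Review bot: `proto_opts` is never cleared at the top of the loop body, so a rule whose protocol field is empty (the new 1:1 NAT case) inherits the `-p`/`--dport` options assembled for the previous rule and its DNAT silently covers only that protocol and port; add `proto_opts=""` directly after the `read`. The same `if` also drops a port that is supplied without a protocol — the template emits empty strings for both fields, so a rule with only `port` filled in becomes an all-ports DNAT, which is wider than the operator wrote and should be rejected rather than ignored. `$ip` and `$destination` are still interpolated unquoted; harmless for address literals, but a comment that these come from trusted pillar data would make the assumption explicit. The enclosing `start()` begins before this hunk and continues past it.
```shell
for rule_def in $FORWARDS ; do
  IFS=, read -r ip destination proto port <<< "$rule_def"
  proto_opts=""   # reset per rule: otherwise a protocol-less rule inherits the previous rule's -p/--dport
  if [ -n "$proto" ] ; then
    # … unchanged: -p / --dport assembly …
  elif [ -n "$port" ] ; then
    echo "customfirewall: forward '$rule_def' names a port without a protocol; skipping" >&2
    continue
  fi
  # … unchanged: iptables DNAT call …
```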


@ -1,6 +1,6 @@
{% if pillar['customfirewall']['addresses'] %}
{% if pillar['customfirewall'].get('addresses', False) %}
ADDRESSES='{% for address in pillar['customfirewall']['addresses'] %}{{ address['interface'] }},{{ address['ip'] }} {% endfor %}'
{% endif %}
{% if pillar['customfirewall']['forwards'] %}
FORWARDS='{% for forward in pillar['customfirewall']['forwards'] %}{{ forward['ip'] }},{{ forward['protocol'] }},{{ forward['port'] }},{{ forward['destination'] }} {% endfor %}'
{% if pillar['customfirewall'].get('forwards', False) %}
FORWARDS='{% for forward in pillar['customfirewall']['forwards'] %}{{ forward['ip'] }},{{ forward['destination'] }},{{ forward.get('protocol', '') }},{{ forward.get('port', '') }} {% endfor %}'
{% endif %}
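Review bot: The new `.get('addresses', False)` guard only covers a missing `addresses` key; the `pillar['customfirewall']` subscript in front of it, and again inside the `for` loops, still fails to render when no `customfirewall` pillar exists at all, which is presumably the same "undefined" case the commit title is after — `{% if pillar.get('customfirewall', {}).get('addresses', False) %}` handles both, and the `forwards` guard should match. The new FORWARDS line now emits empty protocol/port fields that the consuming script has to interpret as "match every port"; a template comment stating that contract, e.g. `{# empty protocol/port => 1:1 DNAT of all ports on the forward #}`, keeps the two files in step for the next maintainer.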