[Thincrust-devel] [PATCH ace] add FORWARD chain and in_interface options
Joey Boggs
jboggs at redhat.com
Wed Feb 18 02:37:06 UTC 2009
The FORWARD chain and in_interface options of iptables are required to support NAT.
---
modules/firewall/manifests/firewall.pp | 5 +++--
modules/firewall/templates/rule.erb | 3 +++
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/modules/firewall/manifests/firewall.pp b/modules/firewall/manifests/firewall.pp
index 2b03cc0..51a8ca2 100644
--- a/modules/firewall/manifests/firewall.pp
+++ b/modules/firewall/manifests/firewall.pp
@@ -41,7 +41,7 @@ class firewall {
notify => Exec["reload-firewall"],
}
- file { [ "$firewall_dir/filter/INPUT", "$firewall_dir/filter/OUTPUT" ]:
+ file { [ "$firewall_dir/filter/INPUT", "$firewall_dir/filter/OUTPUT", "$firewall_dir/filter/FORWARD" ]:
ensure => directory,
mode => 0755,
require => File["${firewall_dir}/filter"],
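Review bot: Only `filter/FORWARD` is added to the directory list, while the commit message gives NAT as the motivation and `firewall_rule` writes into `${table}/${chain}`; whether the nat-table chain directories (PREROUTING, POSTROUTING) are created elsewhere in the class is not visible here and should be confirmed. The resource would also benefit from a comment stating which default policy the generated ruleset applies to FORWARD, something like `# FORWARD rules are exceptions to the chain's default policy, which is set in <ruleset header>`. A host that routes for NAT with an ACCEPT policy on FORWARD passes all routed traffic, not just the flows these rule files describe. The file resource continues outside the hunk.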
@@ -141,7 +141,8 @@ define firewall_rule (
$destination = '',
$action = 'ACCEPT',
$table = 'filter',
- $out_interface = ''
+ $out_interface = '',
+ $in_interface = ''
) {
file { "/usr/share/firewall/${table}/${chain}/${name}":
owner => root,
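Review bot: `$in_interface` is accepted for every chain, but iptables rejects `--in-interface` in OUTPUT and POSTROUTING, so a rule declared with one of those chains and an input interface would produce a rule file that fails when the ruleset is loaded. A guard at the top of the define would surface this at catalog compile time instead, e.g. `if $in_interface != '' and $chain == 'OUTPUT' { fail("in_interface is not valid in the OUTPUT chain") }`, provided the Puppet version in use supports it. The parameter list also lacks a comment saying that the value is a single interface name such as `eth0`. The define body continues outside the hunk.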
diff --git a/modules/firewall/templates/rule.erb b/modules/firewall/templates/rule.erb
index 75b06df..6a480c8 100644
--- a/modules/firewall/templates/rule.erb
+++ b/modules/firewall/templates/rule.erb
@@ -21,6 +21,9 @@
--source-port <%= source_port + " " -%>
<% end -%>
<% end -%>
+<% unless in_interface.empty? -%>
+--in-interface <%= in_interface %> <%= " " -%>
+<% end -%>
<% unless out_interface.empty? -%>
--out-interface <%= out_interface %> <%= " " -%>
<% end -%>
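Review bot: `<%= in_interface %>` is written into the rule line verbatim, so a value containing whitespace or a newline adds extra iptables tokens, or a whole extra line, to the generated rule file; the existing `out_interface` block has the same property. If the value can ever come from a fact or external data rather than a literal in a manifest, it should be checked against an interface-name pattern before rendering, and the catalog should fail otherwise. As a style point, the trailing space could follow the form used by the `--source-port` line above: `--in-interface <%= in_interface + " " -%>`.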
--
1.6.0.6