Merge pull request #79 from andrewheald/allow-ipv6-nat
Allow NAT for IPv6.
rtkrruvinskiy committed Feb 10, 2016
2 parents b19a1cb + fb821bd commit eae233d
Showing 6 changed files with 30 additions and 9 deletions.
8 changes: 4 additions & 4 deletions attributes/default.rb
@@ -1,10 +1,10 @@
default["simple_iptables"]["ipv4"]["rules"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
default["simple_iptables"]["ipv4"]["chains"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
default["simple_iptables"]["ipv4"]["policy"] = {"filter" => {}, "nat" => {}, "mangle" => {}, "raw" => {}}
default["simple_iptables"]["ipv6"]["rules"] = {"filter" => [], "mangle" => [], "raw" => []}
default["simple_iptables"]["ipv6"]["chains"] = {"filter" => [], "mangle" => [], "raw" => []}
default["simple_iptables"]["ipv6"]["policy"] = {"filter" => {}, "mangle" => {}, "raw" => {}}
default["simple_iptables"]["ipv6"]["rules"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
default["simple_iptables"]["ipv6"]["chains"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
default["simple_iptables"]["ipv6"]["policy"] = {"filter" => {}, "nat" => {}, "mangle" => {}, "raw" => {}}

default["simple_iptables"]["ipv4"]["tables"] = %w(filter nat mangle raw)
default["simple_iptables"]["ipv6"]["tables"] = %w(filter mangle raw)
default["simple_iptables"]["ipv6"]["tables"] = %w(filter nat mangle raw)
default["simple_iptables"]["ip_versions"] = ["ipv4"]
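Review bot: Nothing in this file says that the `nat` entry now present in the IPv6 defaults is only usable on kernel 3.7 and later, which is the condition the provider and the template in this commit both enforce. A reader who sees `nat` listed for IPv6 on every node has to find the template to learn that the table is dropped on older kernels. A comment above the IPv6 lines would cover it, e.g. `# IPv6 "nat" requires kernel >= 3.7; the ip6tables template omits the table on older kernels`.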
2 changes: 1 addition & 1 deletion metadata.json
Expand Up @@ -29,5 +29,5 @@
},
"recipes": {
},
"version": "0.7.4"
"version": "0.7.5"
}
2 changes: 1 addition & 1 deletion metadata.rb
Expand Up @@ -3,7 +3,7 @@
license "BSD"
description "Simple LWRP and recipe for managing iptables rules"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version "0.7.4"
version "0.7.5"
name "simple_iptables"

supports "debian", ">= 6.0"
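--- a/providers/rule.rb
+++ b/providers/rule.rb
@@ -8,6 +8,10 @@
 updated |= handle_rule(new_resource, "ipv4")
 end
 if [:ipv6, :both].include?(new_resource.ip_version)
+if new_resource.table == 'nat' &&
+Gem::Version.new(/\d+(\.\d+(.\d+)?)?/.match(node['kernel']['release'])[0]) < Gem::Version.new('3.7')
+raise "NAT table cannot be used with IPv6 before Kernel 3.7"
+end
 updated |= handle_rule(new_resource, "ipv6")
 end
 new_resource.updated_by_last_action(updated)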
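Review bot: The kernel-release parse in the added guard is fragile in two ways: the second `.` in `/\d+(\.\d+(.\d+)?)?/` is unescaped, so any character followed by digits is captured (a release shaped like `3.7-1-...`, a constructed example, yields `3.7-1`, which Gem::Version either rejects or orders as a prerelease below 3.7), and `.match(...)[0]` raises NoMethodError on a release string that does not match, aborting the run with an unrelated error before any firewall state is written. I would parse with `m = /\A\d+(\.\d+){0,2}/.match(node['kernel']['release'].to_s)` followed by `raise "Cannot parse kernel release" unless m`. The same expression is repeated in templates/default/ip6tables-rules.erb, so a shared library helper would keep the two checks identical. With `ip_version :both` the IPv4 rule has already been handled when the raise fires, so the check reads better at the top of the action, which starts and ends outside this hunk.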
6 changes: 3 additions & 3 deletions recipes/default.rb
Expand Up @@ -40,9 +40,9 @@
node.set["simple_iptables"]["ipv4"]["rules"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
node.set["simple_iptables"]["ipv4"]["policy"] = {"filter" => {}, "nat" => {}, "mangle" => {}, "raw" => {}}

node.set["simple_iptables"]["ipv6"]["chains"] = {"filter" => [], "mangle" => [], "raw" => []}
node.set["simple_iptables"]["ipv6"]["rules"] = {"filter" => [], "mangle" => [], "raw" => []}
node.set["simple_iptables"]["ipv6"]["policy"] = {"filter" => {}, "mangle" => {}, "raw" => {}}
node.set["simple_iptables"]["ipv6"]["chains"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
node.set["simple_iptables"]["ipv6"]["rules"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
node.set["simple_iptables"]["ipv6"]["policy"] = {"filter" => {}, "nat" => {}, "mangle" => {}, "raw" => {}}
# Then run all the simple_iptables_* resources
run_context.resource_collection.each do |resource|
if resource.kind_of?(Chef::Resource::SimpleIptablesRule)
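Review bot: The reset block repeats the per-table hash literals from attributes/default.rb, so this commit had to add `"nat"` by hand in both files and the two lists can drift. If a table is ever added to the attributes but missed here, its rules would presumably not be cleared between runs and entries removed from the cookbook could stay in the rendered ruleset; the code that consumes these attributes is outside the hunk, so this is inferred. Building the hashes from the tables attribute removes the duplication, e.g. `node.set["simple_iptables"]["ipv6"]["rules"] = Hash[node["simple_iptables"]["ipv6"]["tables"].map { |t| [t, []] }]`, provided the rule handler tolerates a table missing from an overridden list.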
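--- a/templates/default/ip6tables-rules.erb
+++ b/templates/default/ip6tables-rules.erb
@@ -1,3 +1,20 @@
+<% if node["simple_iptables"]["ipv6"]["tables"].include?('nat') &&
+Gem::Version.new(/\d+(\.\d+(.\d+)?)?/.match(node['kernel']['release'])[0]) >= Gem::Version.new('3.7') %>
+# This file generated by Chef. Changes will be overwritten.
+*nat
+:PREROUTING <%= node["simple_iptables"]["ipv6"]["policy"]["nat"]["PREROUTING"] || "ACCEPT" %> [0:0]
+:INPUT <%= node["simple_iptables"]["ipv6"]["policy"]["nat"]["INPUT"] || "ACCEPT" %> [0:0]
+:OUTPUT <%= node["simple_iptables"]["ipv6"]["policy"]["nat"]["OUTPUT"] || "ACCEPT" %> [0:0]
+:POSTROUTING <%= node["simple_iptables"]["ipv6"]["policy"]["nat"]["POSTROUTING"] || "ACCEPT" %> [0:0]
+<% node["simple_iptables"]["ipv6"]["chains"]["nat"].each do |chain| -%>
+:<%= chain %> - [0:0]
+<% end -%>
+<% node["simple_iptables"]["ipv6"]["rules"]["nat"].each do |rule| -%>
+<%= rule[:rule] %>
+<% end -%>
+COMMIT
+# Completed
+<% end %>
 <% if node["simple_iptables"]["ipv6"]["tables"].include?('mangle') %>
 # This file generated by Chef. Changes will be overwritten.
 *mangle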
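Review bot: On a kernel older than 3.7 the opening condition drops the whole `*nat` block without leaving any trace in the rendered file or the Chef log, even though `nat` is now a default IPv6 table. The rule provider raises in that situation, but chains or policies declared for the IPv6 nat table would simply not be applied; their providers are not part of this diff, so that is inferred. An operator auditing the host then sees a ruleset that looks complete. I would log a warning from the recipe when the table is skipped, or render a marker line such as `# nat table skipped: kernel older than 3.7` in that case.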
