This repository has been archived by the owner on Jan 15, 2025. It is now read-only.

Allow NAT for IPv6. #79

Merged
merged 4 commits into from
Feb 10, 2016
Merged
8 changes: 4 additions & 4 deletions attributes/default.rb
@@ -1,10 +1,10 @@
default["simple_iptables"]["ipv4"]["rules"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
default["simple_iptables"]["ipv4"]["chains"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
default["simple_iptables"]["ipv4"]["policy"] = {"filter" => {}, "nat" => {}, "mangle" => {}, "raw" => {}}
default["simple_iptables"]["ipv6"]["rules"] = {"filter" => [], "mangle" => [], "raw" => []}
default["simple_iptables"]["ipv6"]["chains"] = {"filter" => [], "mangle" => [], "raw" => []}
default["simple_iptables"]["ipv6"]["policy"] = {"filter" => {}, "mangle" => {}, "raw" => {}}
default["simple_iptables"]["ipv6"]["rules"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
default["simple_iptables"]["ipv6"]["chains"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
default["simple_iptables"]["ipv6"]["policy"] = {"filter" => {}, "nat" => {}, "mangle" => {}, "raw" => {}}

default["simple_iptables"]["ipv4"]["tables"] = %w(filter nat mangle raw)
default["simple_iptables"]["ipv6"]["tables"] = %w(filter mangle raw)
default["simple_iptables"]["ipv6"]["tables"] = %w(filter nat mangle raw)
default["simple_iptables"]["ip_versions"] = ["ipv4"]
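Review bot: Adding `nat` to the default IPv6 `tables` list (the last changed line of this hunk) enables the table for every node that manages ipv6, not only for nodes that define NAT rules. On kernels 3.7 and later the template will then emit a `*nat` section even when it holds no rules, and loading that table presumably pulls in the IPv6 NAT and connection-tracking modules; that is worth confirming on a test host. If opt-in is preferred, the `tables` default could stay `%w(filter mangle raw)` while the `rules`/`chains`/`policy` hashes keep their new `nat` keys, with a README note on how to enable it.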
2 changes: 1 addition & 1 deletion metadata.json
Expand Up @@ -29,5 +29,5 @@
},
"recipes": {
},
"version": "0.7.4"
"version": "0.7.5"
}
2 changes: 1 addition & 1 deletion metadata.rb
Expand Up @@ -3,7 +3,7 @@
license "BSD"
description "Simple LWRP and recipe for managing iptables rules"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version "0.7.4"
version "0.7.5"
name "simple_iptables"

supports "debian", ">= 6.0"
4 changes: 4 additions & 0 deletions providers/rule.rb
Expand Up @@ -8,6 +8,10 @@
updated |= handle_rule(new_resource, "ipv4")
end
if [:ipv6, :both].include?(new_resource.ip_version)
if new_resource.table == 'nat' &&
Gem::Version.new(/\d+(\.\d+(.\d+)?)?/.match(node['kernel']['release'])[0]) < Gem::Version.new('3.7')
raise "NAT table cannot be used with IPv6 before Kernel 3.7"
end
updated |= handle_rule(new_resource, "ipv6")
end
new_resource.updated_by_last_action(updated)
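Review bot: The inner `.` in `/\d+(\.\d+(.\d+)?)?/` is unescaped, so it matches any character: a release string such as `3.7-1-amd64` (constructed example) yields `3.7-1`, which `Gem::Version` either rejects or treats as a pre-release that sorts below `3.7`, so the guard would raise on a kernel that does support IPv6 NAT. Escaping it, `/\d+(\.\d+(\.\d+)?)?/`, keeps the match to the numeric part. The same expression is repeated in templates/default/ip6tables-rules.erb, where the wrong result would instead silently drop the `*nat` section. A release string with no digits would also surface as a NoMethodError on `[0]` rather than a readable message. The enclosing action block starts and ends outside this hunk.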
6 changes: 3 additions & 3 deletions recipes/default.rb
Expand Up @@ -40,9 +40,9 @@
node.set["simple_iptables"]["ipv4"]["rules"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
node.set["simple_iptables"]["ipv4"]["policy"] = {"filter" => {}, "nat" => {}, "mangle" => {}, "raw" => {}}

node.set["simple_iptables"]["ipv6"]["chains"] = {"filter" => [], "mangle" => [], "raw" => []}
node.set["simple_iptables"]["ipv6"]["rules"] = {"filter" => [], "mangle" => [], "raw" => []}
node.set["simple_iptables"]["ipv6"]["policy"] = {"filter" => {}, "mangle" => {}, "raw" => {}}
node.set["simple_iptables"]["ipv6"]["chains"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
node.set["simple_iptables"]["ipv6"]["rules"] = {"filter" => [], "nat" => [], "mangle" => [], "raw" => []}
node.set["simple_iptables"]["ipv6"]["policy"] = {"filter" => {}, "nat" => {}, "mangle" => {}, "raw" => {}}
# Then run all the simple_iptables_* resources
run_context.resource_collection.each do |resource|
if resource.kind_of?(Chef::Resource::SimpleIptablesRule)
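Review bot: The three ipv6 reset literals repeat the table lists from attributes/default.rb, and this change had to edit both copies by hand. If they drift, the template's `node["simple_iptables"]["ipv6"]["policy"]["nat"]["PREROUTING"]` lookup would hit nil and abort rendering of the rules file. Building the hashes from the `tables` attribute, or at least adding a comment such as `# keep in sync with attributes/default.rb`, would make that dependency visible. The surrounding recipe code, including the `each` loop, continues outside the hunk.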
17 changes: 17 additions & 0 deletions templates/default/ip6tables-rules.erb
@@ -1,3 +1,20 @@
<% if node["simple_iptables"]["ipv6"]["tables"].include?('nat') &&
Gem::Version.new(/\d+(\.\d+(.\d+)?)?/.match(node['kernel']['release'])[0]) >= Gem::Version.new('3.7') %>
# This file generated by Chef. Changes will be overwritten.
*nat
:PREROUTING <%= node["simple_iptables"]["ipv6"]["policy"]["nat"]["PREROUTING"] || "ACCEPT" %> [0:0]
:INPUT <%= node["simple_iptables"]["ipv6"]["policy"]["nat"]["INPUT"] || "ACCEPT" %> [0:0]
:OUTPUT <%= node["simple_iptables"]["ipv6"]["policy"]["nat"]["OUTPUT"] || "ACCEPT" %> [0:0]
:POSTROUTING <%= node["simple_iptables"]["ipv6"]["policy"]["nat"]["POSTROUTING"] || "ACCEPT" %> [0:0]
<% node["simple_iptables"]["ipv6"]["chains"]["nat"].each do |chain| -%>
:<%= chain %> - [0:0]
<% end -%>
<% node["simple_iptables"]["ipv6"]["rules"]["nat"].each do |rule| -%>
<%= rule[:rule] %>
<% end -%>
COMMIT
# Completed
<% end %>
<% if node["simple_iptables"]["ipv6"]["tables"].include?('mangle') %>
# This file generated by Chef. Changes will be overwritten.
*mangle
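Review bot: When the kernel check on the opening `if` fails, the `*nat` block is dropped without leaving any trace in the rendered file, even though the default `tables` list now advertises `nat`. Someone auditing the generated ip6tables rules cannot tell a deliberate omission from a missing rule set; consider rendering a comment line such as `# nat table omitted: kernel older than 3.7` in that case. The provider raises for the same condition, so the two gates behave differently and would be easier to keep aligned if the version test lived in one shared helper. The rest of the template, starting with the `mangle` block, continues outside the visible lines.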