]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/networking/templates/default/nftables.conf.erb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Limit NAT to IPv4 interfaces
[chef.git] / cookbooks / networking / templates / default / nftables.conf.erb
diff --git a/cookbooks/networking/templates/default/nftables.conf.erb b/cookbooks/networking/templates/default/nftables.conf.erb
index 86ead58cfc2d5592062f9136bd77bd47e4eb92a2..a3dae7143d12bdf97ab4bda28ea83b0b45f836ee 100644 (file)
--- a/cookbooks/networking/templates/default/nftables.conf.erb
+++ b/cookbooks/networking/templates/default/nftables.conf.erb
@@ -145,8 +145,8 @@ table ip nat {
   chain postrouting {
     type nat hook postrouting priority srcnat;
 
-<%- node.interfaces(:role => :external).each do |external| %>
-<%- node.interfaces(:role => :internal).each do |internal| %>
+<%- node.interfaces(:role => :external, :family => :inet).each do |external| %>
+<%- node.interfaces(:role => :internal, :family => :inet).each do |internal| %>
     oif { <%= external[:interface] %> } ip saddr { <%= internal[:network] %>/<%= internal[:prefix] %> } snat <%= external[:address] %>
 <%- end %>
 <%- end %>
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.