Match interfaces by name so we can start nftables before they exist

[chef.git] / cookbooks / networking / templates / default / nftables.conf.erb

diff --git a/cookbooks/networking/templates/default/nftables.conf.erb b/cookbooks/networking/templates/default/nftables.conf.erb
index 55c4a1c18d2bd7a18b0385e3d511098e125ec60e..8594cc24498a0a05b64f74ff027fb872cc77934a 100644 (file)
--- a/cookbooks/networking/templates/default/nftables.conf.erb
+++ b/cookbooks/networking/templates/default/nftables.conf.erb
@@ -112,7 +112,7 @@ table inet filter {
     type filter hook input priority filter;
 
 <%- unless @interfaces.empty? %>
-    iif { $external-interfaces } jump incoming
+    iifname { $external-interfaces } jump incoming
 <%- end %>
 
     accept
@@ -122,8 +122,8 @@ table inet filter {
     type filter hook forward priority filter;
 
 <%- unless @interfaces.empty? %>
-    iif { $external-interfaces } jump incoming
-    oif { $external-interfaces } jump outgoing
+    iifname { $external-interfaces } jump incoming
+    oifname { $external-interfaces } jump outgoing
 <%- end %>
 
     accept
@@ -133,7 +133,7 @@ table inet filter {
     type filter hook output priority filter;
 
 <%- unless @interfaces.empty? %>
-    oif { $external-interfaces } jump outgoing
+    oifname { $external-interfaces } jump outgoing
 <%- end %>
 
     accept
@@ -145,9 +145,9 @@ table ip nat {
   chain postrouting {
     type nat hook postrouting priority srcnat;
 
-<%- node.interfaces(:role => :external).each do |external| %>
-<%- node.interfaces(:role => :internal).each do |internal| %>
-    oif { < %= external[:interface] %> } ip saddr { <%= internal[:network] %>/<%= internal[:prefix] %> } snat <%= external[:address] %>
+<%- node.interfaces(:role => :external, :family => :inet).each do |external| %>
+<%- node.interfaces(:role => :internal, :family => :inet).each do |internal| %>
+    oifname { <%= external[:interface] %> } ip saddr { <%= internal[:network] %>/<%= internal[:prefix] %> } snat <%= external[:address] %>
 <%- end %>
 <%- end %>
   }