X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/a4c4a8a5a8cde7f9bf91ae49a9dc1ce23e77293b..1d06c44847ea4ebca7cc114902d149041476fc00:/cookbooks/networking/templates/default/nftables.conf.erb?ds=sidebyside
diff --git a/cookbooks/networking/templates/default/nftables.conf.erb b/cookbooks/networking/templates/default/nftables.conf.erb
index 55c4a1c18..8594cc244 100644
--- a/cookbooks/networking/templates/default/nftables.conf.erb
+++ b/cookbooks/networking/templates/default/nftables.conf.erb
@@ -112,7 +112,7 @@ table inet filter {
 type filter hook input priority filter;
 <%- unless @interfaces.empty? %>
- iif { $external-interfaces } jump incoming
+ iifname { $external-interfaces } jump incoming
 <%- end %>
 accept
@@ -122,8 +122,8 @@ table inet filter {
 type filter hook forward priority filter;
 <%- unless @interfaces.empty? %>
- iif { $external-interfaces } jump incoming
- oif { $external-interfaces } jump outgoing
+ iifname { $external-interfaces } jump incoming
+ oifname { $external-interfaces } jump outgoing
 <%- end %>
 accept
@@ -133,7 +133,7 @@ table inet filter {
 type filter hook output priority filter;
 <%- unless @interfaces.empty? %>
- oif { $external-interfaces } jump outgoing
+ oifname { $external-interfaces } jump outgoing
 <%- end %>
 accept
@@ -145,9 +145,9 @@ table ip nat {
 chain postrouting {
 type nat hook postrouting priority srcnat;
-<%- node.interfaces(:role => :external).each do |external| %>
-<%- node.interfaces(:role => :internal).each do |internal| %>
- oif { < %= external[:interface] %> } ip saddr { <%= internal[:network] %>/<%= internal[:prefix] %> } snat <%= external[:address] %>
+<%- node.interfaces(:role => :external, :family => :inet).each do |external| %>
+<%- node.interfaces(:role => :internal, :family => :inet).each do |internal| %>
+ oifname { <%= external[:interface] %> } ip saddr { <%= internal[:network] %>/<%= internal[:prefix] %> } snat <%= external[:address] %>
 <%- end %>
 <%- end %>
 }
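Review bot: The `iifname { $external-interfaces } jump incoming` rule in the input chain is followed by an unconditional `accept`, and the same pattern appears in the forward and output hunks, so the filter chains are only reached when the kernel interface name matches an entry in the define exactly. A device that is renamed, or added after the Chef run, no longer fails the ruleset load as a missing `iif` device would; its traffic falls through to `accept` unfiltered. The define is outside these hunks, so I cannot see how it is populated; it is worth confirming it holds the final kernel names. I would add a template comment above each rule, e.g. `# matched by name at packet time; interfaces not in $external-interfaces fall through to accept`. The chain bodies start and end outside the hunks.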
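Review bot: The new `:family => :inet` argument on both `node.interfaces` loops in the postrouting hunk has no comment explaining why it is needed. The rule is emitted into `table ip nat` and uses `ip saddr` with `snat`, so the filter presumably stops IPv6 interface entries from generating an invalid IPv4 rule, but that is inferred rather than stated. A one-line ERB comment above the loops, e.g. `<%# table ip nat is IPv4-only, so iterate inet-family interfaces only %>`, would keep a later edit from dropping the filter and breaking the ruleset load.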