]> git.openstreetmap.org Git - chef.git/commitdiff
projects / chef.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: fb49e14)
Update shorewall to use snat configuration file instead of masq
authorTom Hughes <tom@compton.nu>
Mon, 11 Jul 2022 07:42:52 +0000 (08:42 +0100)
committerTom Hughes <tom@compton.nu>
Mon, 11 Jul 2022 07:50:08 +0000 (08:50 +0100)
cookbooks/networking/recipes/default.rb patch | blob | history
cookbooks/networking/templates/default/shorewall-masq.erb [deleted file] patch | blob | history
cookbooks/networking/templates/default/shorewall-snat.erb [new file with mode: 0644] patch | blob

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 3a30f20f969ede3e6f314e27b6a4867d702cd5dd..162e0c3a86f569ad3be98a86fea81e9da2ab42b4 100644 (file)
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -512,16 +512,24 @@ if node[:networking][:wireguard][:enabled]
   end
 end
 
+file "/etc/shorewall/masq" do
+  action :delete
+end
+
+file "/etc/shorewall/masq.bak" do
+  action :delete
+end
+
 if node[:roles].include?("gateway")
-  template "/etc/shorewall/masq" do
-    source "shorewall-masq.erb"
+  template "/etc/shorewall/snat" do
+    source "shorewall-snat.erb"
     owner "root"
     group "root"
     mode "644"
     notifies :restart, "service[shorewall]"
   end
 else
-  file "/etc/shorewall/masq" do
+  file "/etc/shorewall/snat" do
     action :delete
     notifies :restart, "service[shorewall]"
   end
diff --git a/cookbooks/networking/templates/default/shorewall-masq.erb b/cookbooks/networking/templates/default/shorewall-masq.erb
deleted file mode 100644 (file)
index 856f60e..0000000
--- a/cookbooks/networking/templates/default/shorewall-masq.erb
+++ /dev/null
@@ -1,8 +0,0 @@
-# DO NOT EDIT - This file is being maintained by Chef
-
-# INTERFACE    SOURCE          ADDRESS
-<% node.interfaces(:role => :external).each do |external| -%>
-<% node.interfaces(:role => :internal).each do |internal| -%>
-<%= external[:interface] %>            <%= internal[:network] %>/<%= internal[:prefix] %>      detect
-<% end -%>
-<% end -%>
diff --git a/cookbooks/networking/templates/default/shorewall-snat.erb b/cookbooks/networking/templates/default/shorewall-snat.erb
new file mode 100644 (file)
index 0000000..59c6da6
--- /dev/null
+++ b/cookbooks/networking/templates/default/shorewall-snat.erb
@@ -0,0 +1,8 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+# ACTION        SOURCE          DEST            PROTO   PORT   IPSEC  MARK   USER    SWITCH  ORIGDEST   PROBABILITY
+<% node.interfaces(:role => :external).each do |external| -%>
+<% node.interfaces(:role => :internal).each do |internal| -%>
+SNAT(detect)   <%= internal[:network] %>/<%= internal[:prefix] %>      <%= external[:interface] %>
+<% end -%>
+<% end -%>
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.