Commit 8d6917d7 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen
Browse files

enable ipset-based masquerading

parent e0621569
......@@ -76,8 +76,8 @@ end
classmap = {dnat=DNATRule, snat=SNATRule}
defrules = {}
-- TODO configuration of _nat ipset via config.json
--defrules = {{family='ip4', table='nat', chain='POSTROUTING',
-- opts='-m set --match-set _nat src ! --match-set _nat dst -j MASQUERADE'}}
-- TODO configuration of the ipset via JSON config
defrules = {{family='ip4', table='nat', chain='POSTROUTING',
opts='-m set --match-set awall-masquerade src -j awall-masquerade'},
{family='ip4', table='nat', chain='awall-masquerade',
opts='-m set ! --match-set awall-masquerade dst -j MASQUERADE'}}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment