Commit c4e427e6 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

masquerading set rule applied after other SNAT rules

parent 059468bd
......@@ -10,7 +10,9 @@ module(..., package.seeall)
classes = {}
-- TODO configuration of the ipset via JSON config
defrules = {pre={{family='inet', table='nat', chain='POSTROUTING',
opts='-m set --match-set awall-masquerade src -j awall-masquerade'},
{family='inet', table='nat', chain='awall-masquerade',
opts='-m set ! --match-set awall-masquerade dst -j MASQUERADE'}}}
defrules = {['post-snat']={{family='inet', table='nat',
chain='POSTROUTING',
opts='-m set --match-set awall-masquerade src -j awall-masquerade'},
{family='inet', table='nat',
chain='awall-masquerade',
opts='-m set ! --match-set awall-masquerade dst -j MASQUERADE'}}}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment