masquerade.lua 636 Bytes
Newer Older
1 2
--[[
IPSet-based masquerading module for Alpine Wall
3
Copyright (C) 2012-2016 Kaarle Ritvanen
Kaarle Ritvanen's avatar
Kaarle Ritvanen committed
4
See LICENSE file for license details
5 6 7 8
]]--


-- TODO configuration of the ipset via JSON config
9 10 11 12 13 14 15 16
return {
   export={
      ['%masquerade']={
	 rules={
	    {
	       family='inet',
	       table='nat',
	       chain='POSTROUTING',
17
	       match='-m set --match-set awall-masquerade src',
18 19 20 21 22 23
	       target='awall-masquerade'
	    },
	    {
	       family='inet',
	       table='nat',
	       chain='awall-masquerade',
24
	       match='-m set ! --match-set awall-masquerade dst',
25 26
	       target='MASQUERADE'
	    }
27
	 },
28 29
	 after='snat'
      }
30 31
   }
}