Index: trunk/packages/sipb-xen-iptables/code/iptables.rules
===================================================================
--- trunk/packages/sipb-xen-iptables/code/iptables.rules	(revision 1053)
+++ 	(revision )
@@ -1,17 +1,0 @@
-*nat
-:PREROUTING ACCEPT [5:300]
-:POSTROUTING ACCEPT [8:674]
-:OUTPUT ACCEPT [8:674]
--A PREROUTING -s ! 18.181.0.60 -i eth0 -p tcp -m tcp --dport 10003 -j DNAT --to-destination 18.181.0.60:10003
--A POSTROUTING -d 18.181.0.60 -o eth0 -p tcp -m tcp --dport 10003 -j SNAT --to-source 18.181.0.62
--A PREROUTING -s ! 18.181.0.165 -i eth0 -p tcp -m tcp --dport 10004 -j DNAT --to-destination 18.181.0.165:10003
--A POSTROUTING -d 18.181.0.165 -o eth0 -p tcp -m tcp --dport 10003 -j SNAT --to-source 18.181.0.62
-COMMIT
-
-*filter
-:INPUT ACCEPT [366:44912]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [292:53151]
--A FORWARD -d 18.181.0.60 -i eth0 -o eth0 -p tcp -m tcp --dport 10003 -j ACCEPT 
--A FORWARD -d 18.181.0.165 -i eth0 -o eth0 -p tcp -m tcp --dport 10003 -j ACCEPT 
-COMMIT
Index: trunk/packages/sipb-xen-iptables/config.todo
===================================================================
--- trunk/packages/sipb-xen-iptables/config.todo	(revision 1053)
+++ 	(revision )
@@ -1,1 +1,0 @@
-code/iptables.rules: specific IPs
Index: trunk/packages/sipb-xen-iptables/debian/changelog
===================================================================
--- trunk/packages/sipb-xen-iptables/debian/changelog	(revision 1053)
+++ trunk/packages/sipb-xen-iptables/debian/changelog	(revision 1055)
@@ -1,2 +1,8 @@
+sipb-xen-iptables (2) unstable; urgency=low
+
+  * invirt-configurize sipb-xen-iptables
+
+ -- Evan Broder <broder@mit.edu>  Sun, 05 Oct 2008 01:22:25 -0400
+
 sipb-xen-iptables (1) unstable; urgency=low
 
Index: trunk/packages/sipb-xen-iptables/debian/rules
===================================================================
--- trunk/packages/sipb-xen-iptables/debian/rules	(revision 1053)
+++ trunk/packages/sipb-xen-iptables/debian/rules	(revision 1055)
@@ -2,5 +2,2 @@
 
 include /usr/share/cdbs/1/rules/debhelper.mk
-
-binary-fixup/sipb-xen-iptables::
-	svn co https://sipb-xen-dev.mit.edu:1111/trunk/packages/sipb-xen-iptables/code/ $(DEB_DESTDIR)/usr/local/share/sipb-xen-iptables
Index: trunk/packages/sipb-xen-iptables/debian/sipb-xen-iptables.init
===================================================================
--- trunk/packages/sipb-xen-iptables/debian/sipb-xen-iptables.init	(revision 1053)
+++ trunk/packages/sipb-xen-iptables/debian/sipb-xen-iptables.init	(revision 1055)
@@ -18,5 +18,5 @@
 DESC="Load the sipb-xen iptables rules"
 NAME=sipb-xen-iptables
-RULES=/usr/local/share/sipb-xen-iptables/iptables.rules
+RULES=/usr/share/sipb-xen-iptables/iptables.rules
 
 # Read configuration variable file if it is present
@@ -39,4 +39,8 @@
 	#   1 if daemon was already running
 	#   2 if daemon could not be started
+	for i in /usr/share/sipb-xen-iptables/iptables.rules
+	do mako-render $i.mako > $i
+	done
+	
 	/sbin/iptables-restore < $RULES
 }
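Review bot: The added render step `mako-render $i.mako > $i` truncates the live rules file before rendering and never checks the exit status, so a failed render (unreadable config, template error) leaves an empty or partial file that is then passed straight to `iptables-restore`. A partial file that reaches the first `COMMIT` could load the nat table without the filter table. Rendering to a temporary file and replacing only on success avoids this: `mako-render "$RULES.mako" > "$RULES.tmp" || return 2` followed by `mv "$RULES.tmp" "$RULES"`. That form also reuses `$RULES` instead of repeating the path in a one-element `for` loop, and quotes the expansions. The enclosing function starts above this hunk, so the `return 2` is inferred from the return-code comments visible here.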
Index: trunk/packages/sipb-xen-iptables/files/usr/share/sipb-xen-iptables/iptables.rules.mako
===================================================================
--- trunk/packages/sipb-xen-iptables/files/usr/share/sipb-xen-iptables/iptables.rules.mako	(revision 1055)
+++ trunk/packages/sipb-xen-iptables/files/usr/share/sipb-xen-iptables/iptables.rules.mako	(revision 1055)
@@ -0,0 +1,26 @@
+<%
+
+from invirt.config import structs as cfg
+h_port = cfg.vnc.base_port
+port = cfg.vnc.base_port
+
+%>\
+*nat
+:PREROUTING ACCEPT [5:300]
+:POSTROUTING ACCEPT [8:674]
+:OUTPUT ACCEPT [8:674]
+% for h in cfg.hosts:
+-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port}
+-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
+<% port += 1 %>
+% endfor
+COMMIT
+
+*filter
+:INPUT ACCEPT [366:44912]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [292:53151]
+% for h in cfg.hosts:
+-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT 
+% endfor
+COMMIT
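Review bot: The FORWARD rules generated in the `*filter` section restrict nothing, because the chain is declared `:FORWARD ACCEPT [0:0]` and every rule in it is also `-j ACCEPT`, so traffic that matches no rule is forwarded anyway. If the intent is to forward only the VNC port to the configured hosts, the policy line would need to be `:FORWARD DROP [0:0]`, with any other forwarding this machine legitimately does allowed explicitly; that traffic is not visible in this diff, so confirm before changing it. Separately, each host's external port comes from its position in `cfg.hosts` via `port += 1`, so inserting or reordering a host silently changes which public port reaches which backend. A template comment such as `## external port = cfg.vnc.base_port + index of host in cfg.hosts; list order is significant` would make that dependency explicit.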
