Index: trunk/packages/invirt-web/debian/changelog =================================================================== --- trunk/packages/invirt-web/debian/changelog (revision 2862) +++ trunk/packages/invirt-web/debian/changelog (revision 2863) @@ -1,2 +1,9 @@ +invirt-web (0.1.4) unstable; urgency=low + + * Merge invirt-web-iptables into invirt-web and use the new + invirt-iptables interface. + + -- Evan Broder Sun, 03 Jan 2010 16:36:47 -0500 + invirt-web (0.1.3) unstable; urgency=low Index: trunk/packages/invirt-web/debian/control =================================================================== --- trunk/packages/invirt-web/debian/control (revision 2862) +++ trunk/packages/invirt-web/debian/control (revision 2863) @@ -11,5 +11,5 @@ # other Invirt invirt-base, invirt-database, - invirt-dns, invirt-vnc-client, invirt-web-iptables, + invirt-dns, invirt-vnc-client, invirt-iptables, # web server apache2, libapache2-mod-fcgid, libapache2-svn, @@ -27,3 +27,4 @@ Provides: ${diverted-files} Conflicts: ${diverted-files} +Replaces: invirt-web-iptables (<= 0.0.2) Description: the Invirt web interface Index: trunk/packages/invirt-web/debian/invirt-web.init =================================================================== --- trunk/packages/invirt-web/debian/invirt-web.init (revision 2862) +++ trunk/packages/invirt-web/debian/invirt-web.init (revision 2863) @@ -12,5 +12,5 @@ PACKAGE=invirt-web PARENTPACKAGE=apache2 -GEN_FILES=(/etc/apache2/sites-available/{default,ssl,svn}) +GEN_FILES=(/etc/apache2/sites-available/{default,ssl,svn} /etc/invirt-iptables/rules.d/50-invirt-web) . /lib/init/config-init.sh Index: trunk/packages/invirt-web/files/etc/invirt-iptables/rules.d/50-invirt-web.mako =================================================================== --- trunk/packages/invirt-web/files/etc/invirt-iptables/rules.d/50-invirt-web.mako (revision 2863) +++ trunk/packages/invirt-web/files/etc/invirt-iptables/rules.d/50-invirt-web.mako (revision 2863) @@ -0,0 +1,26 @@ +<% + +from invirt.config import structs as cfg +h_port = cfg.vnc.base_port +port = cfg.vnc.base_port + +%>\ +*nat +:PREROUTING ACCEPT [5:300] +:POSTROUTING ACCEPT [8:674] +:OUTPUT ACCEPT [8:674] +% for h in cfg.hosts: +-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port} +-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip} +<% port += 1 %> +% endfor +COMMIT + +*filter +:INPUT ACCEPT [366:44912] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [292:53151] +% for h in cfg.hosts: +-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT +% endfor +COMMIT