source: trunk/packages/invirt-web/files/etc/invirt-iptables/rules.d/50-invirt-web.mako @ 2869

Last change on this file since 2869 was 2863, checked in by broder, 15 years ago

Merge invirt-web-iptables into invirt-web and use the new
invirt-iptables interface.

File size: 656 bytes
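<%
# Each host in cfg.hosts gets its own public port on the proxy, counting up
# from cfg.vnc.base_port. On the host itself the service always listens on
# base_port (h_port).
from invirt.config import structs as cfg
h_port = cfg.vnc.base_port
port = cfg.vnc.base_port

%>\
*nat
:PREROUTING ACCEPT [5:300]
:POSTROUTING ACCEPT [8:674]
:OUTPUT ACCEPT [8:674]
% for h in cfg.hosts:
## Connections arriving on eth0 for this host's public port, from any source
## other than the host itself, are redirected to the host's VNC port.
## "-s ! addr" is the older negation form; newer iptables releases deprecate
## it in favor of "! -s addr".
-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port}
## Redirected connections leave with the proxy address as their source.
-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
<% port += 1 %>
% endfor
COMMIT

*filter
:INPUT ACCEPT [366:44912]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [292:53151]
% for h in cfg.hosts:
## Allow the redirected connections to be forwarded to each host.
-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT
% endfor
COMMIT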