source: trunk/packages/invirt-web/files/etc/invirt-iptables/rules.d/50-invirt-web.mako @ 3049

Last change on this file since 3049 was 2874, checked in by broder, 15 years ago

Cleanup the invirt-web iptables so that what their doing is clearer.

File size: 682 bytes
Line 
1<%
2
3from invirt.config import structs as cfg
4host_port = cfg.vnc.base_port
5server_port = host_port
6
7%>\
8*nat
9:PREROUTING ACCEPT [5:300]
10:POSTROUTING ACCEPT [8:674]
11:OUTPUT ACCEPT [8:674]
12% for h in cfg.hosts:
13-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port}
14-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${host_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
15<% server_port += 1 %>\
16% endfor
17COMMIT
18
19*filter
20:INPUT ACCEPT [366:44912]
21:FORWARD ACCEPT [0:0]
22:OUTPUT ACCEPT [292:53151]
23% for h in cfg.hosts:
24-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${host_port} -j ACCEPT
25% endfor
26COMMIT
Note: See TracBrowser for help on using the repository browser.