projects / invirt/packages/invirt-web.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
invirt-configurize sipb-xen-iptables
[invirt/packages/invirt-web.git] / files / usr / share / sipb-xen-iptables / iptables.rules.mako
diff --git a/files/usr/share/sipb-xen-iptables/iptables.rules.mako b/files/usr/share/sipb-xen-iptables/iptables.rules.mako
new file mode 100644 (file)
index 0000000..a8f218b
--- /dev/null
+++ b/files/usr/share/sipb-xen-iptables/iptables.rules.mako
@@ -0,0 +1,26 @@
+<%
+
+from invirt.config import structs as cfg
+h_port = cfg.vnc.base_port
+port = cfg.vnc.base_port
+
+%>\
+*nat
+:PREROUTING ACCEPT [5:300]
+:POSTROUTING ACCEPT [8:674]
+:OUTPUT ACCEPT [8:674]
+% for h in cfg.hosts:
+-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port}
+-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
+<% port += 1 %>
+% endfor
+COMMIT
+
+*filter
+:INPUT ACCEPT [366:44912]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [292:53151]
+% for h in cfg.hosts:
+-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT 
+% endfor
+COMMIT
Unnamed repository; edit this file 'description' to name the repository.