X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/deb49f12aad253039d9b8907dde04b89321f5e49..dbc720a8ee1dfdbc48fa3e17e8ef8af4aed7efe4:/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
diff --git a/files/etc/invirt-iptables/rules.d/50-invirt-web.mako b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
new file mode 100644
index 0000000..a8f218b
--- /dev/null
+++ b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
@@ -0,0 +1,26 @@
+<%
+
+from invirt.config import structs as cfg
+h_port = cfg.vnc.base_port
+port = cfg.vnc.base_port
+
+%>\
+*nat
+:PREROUTING ACCEPT [5:300]
+:POSTROUTING ACCEPT [8:674]
+:OUTPUT ACCEPT [8:674]
+% for h in cfg.hosts:
+-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port}
+-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
+<% port += 1 %>
+% endfor
+COMMIT
+
+*filter
+:INPUT ACCEPT [366:44912]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [292:53151]
+% for h in cfg.hosts:
+-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT
+% endfor
+COMMIT
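Review bot: The PREROUTING DNAT rule matches only `-i eth0` and `--dport ${port}` (plus the `-s ! ${h.ip}` exclusion), so any TCP packet arriving on eth0 for that port is rewritten to the host's VNC port regardless of the address it was sent to. If clients are meant to reach these ports through the proxy address, adding `-d ${cfg.vnc.proxy_ip}` to the match would confine the redirect to that address; this assumes `proxy_ip` is the address clients connect to, which the template does not show. In the `*filter` section every chain is declared with policy ACCEPT, so the `-A FORWARD ... -j ACCEPT` rules restrict nothing on their own, and depending on how the rules.d fragments are loaded those `:INPUT`/`:FORWARD`/`:OUTPUT` lines may reset a stricter policy set by another fragment, which is worth confirming. The external port for each host is derived from its position in `cfg.hosts`, so a Mako comment above the first loop such as `## external VNC port = base_port + index of the host in cfg.hosts; reordering hosts renumbers the ports` would document that dependency.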