invirt-iptables interface.
svn path=/trunk/packages/invirt-web/; revision=2863
+invirt-web (0.1.4) unstable; urgency=low
+
+ * Merge invirt-web-iptables into invirt-web and use the new
+ invirt-iptables interface.
+
+ -- Evan Broder <broder@mit.edu> Sun, 03 Jan 2010 16:36:47 -0500
+
invirt-web (0.1.3) unstable; urgency=low
* Add some more user-friendly error handling for common errors. (LP:
Depends: ${misc:Depends},
# other Invirt
invirt-base, invirt-database,
- invirt-dns, invirt-vnc-client, invirt-web-iptables,
+ invirt-dns, invirt-vnc-client, invirt-iptables,
# web server
apache2, libapache2-mod-fcgid, libapache2-svn,
libapache2-mod-auth-sslcert, libapache2-mod-auth-kerb,
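Review bot: The dependency on invirt-iptables added to the Depends list is unversioned, although the changelog entry says this release uses the new invirt-iptables interface. Consider a versioned dependency, `invirt-iptables (>= X)` with X being the first release that provides the rules.d interface this package writes to, so an older invirt-iptables cannot satisfy the dependency and leave the VNC forwarding rules unloaded.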
cron,
Provides: ${diverted-files}
Conflicts: ${diverted-files}
+Replaces: invirt-web-iptables (<= 0.0.2)
Description: the Invirt web interface
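Review bot: `Replaces: invirt-web-iptables (<= 0.0.2)` is added without a matching Breaks or Conflicts, and the Conflicts field still lists only `${diverted-files}`. Replaces on its own lets dpkg overwrite files owned by the old package but does not force its removal, so invirt-web-iptables can stay installed next to the merged package and anything it installs remains in place. Suggest adding `Breaks: invirt-web-iptables (<= 0.0.2)` (or the equivalent Conflicts) alongside the Replaces.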
PACKAGE=invirt-web
PARENTPACKAGE=apache2
-GEN_FILES=(/etc/apache2/sites-available/{default,ssl,svn})
+GEN_FILES=(/etc/apache2/sites-available/{default,ssl,svn} /etc/invirt-iptables/rules.d/50-invirt-web)
. /lib/init/config-init.sh
config_init "$1"
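Review bot: GEN_FILES now includes /etc/invirt-iptables/rules.d/50-invirt-web while PARENTPACKAGE is still apache2, and nothing in the visible lines reloads the firewall after that file is regenerated. If config-init.sh only acts on the parent package's service, a configuration change such as an added host would leave the running ruleset out of date until invirt-iptables is next reloaded. Worth confirming that a reload happens, or adding an explicit one after config_init.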
--- /dev/null
+<%
+
+from invirt.config import structs as cfg
+h_port = cfg.vnc.base_port
+port = cfg.vnc.base_port
+
+%>\
+*nat
+:PREROUTING ACCEPT [5:300]
+:POSTROUTING ACCEPT [8:674]
+:OUTPUT ACCEPT [8:674]
+% for h in cfg.hosts:
+-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port}
+-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
+<% port += 1 %>
+% endfor
+COMMIT
+
+*filter
+:INPUT ACCEPT [366:44912]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [292:53151]
+% for h in cfg.hosts:
+-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT
+% endfor
+COMMIT
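Review bot: In the *filter section, the per-host `-A FORWARD -d ${h.ip} ... -j ACCEPT` rules restrict nothing by themselves, because the same fragment declares `:FORWARD ACCEPT [0:0]`; they only matter if something else in the FORWARD chain drops traffic. If the intent is to allow forwarding only to the VNC port on each host, that needs a default-drop policy set in one place, and it should be stated here; otherwise the rules can go. Two smaller points on the same file: the chain headers carry counters that look copied from an iptables-save dump (`[5:300]`, `[366:44912]`) and would normally be `[0:0]` in a template, and `-s ! ${h.ip}` in the PREROUTING rule uses the negation form that iptables has deprecated in favour of `! -s ${h.ip}`.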