From: Evan Broder Date: Sun, 3 Jan 2010 21:43:08 +0000 (-0500) Subject: Merge invirt-web-iptables into invirt-web and use the new X-Git-Tag: 0.1.5~5 X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/commitdiff_plain/dbc720a8ee1dfdbc48fa3e17e8ef8af4aed7efe4?ds=inline Merge invirt-web-iptables into invirt-web and use the new invirt-iptables interface. svn path=/trunk/packages/invirt-web/; revision=2863 --- diff --git a/debian/changelog b/debian/changelog index acb4e06..c489ddc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +invirt-web (0.1.4) unstable; urgency=low + + * Merge invirt-web-iptables into invirt-web and use the new + invirt-iptables interface. + + -- Evan Broder Sun, 03 Jan 2010 16:36:47 -0500 + invirt-web (0.1.3) unstable; urgency=low * Add some more user-friendly error handling for common errors. (LP: diff --git a/debian/control b/debian/control index e22a9ff..f2a3f00 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,7 @@ Architecture: all Depends: ${misc:Depends}, # other Invirt invirt-base, invirt-database, - invirt-dns, invirt-vnc-client, invirt-web-iptables, + invirt-dns, invirt-vnc-client, invirt-iptables, # web server apache2, libapache2-mod-fcgid, libapache2-svn, libapache2-mod-auth-sslcert, libapache2-mod-auth-kerb, @@ -26,4 +26,5 @@ Depends: ${misc:Depends}, cron, Provides: ${diverted-files} Conflicts: ${diverted-files} +Replaces: invirt-web-iptables (<= 0.0.2) Description: the Invirt web interface diff --git a/debian/invirt-web.init b/debian/invirt-web.init index e8524ee..ad4c37c 100755 --- a/debian/invirt-web.init +++ b/debian/invirt-web.init @@ -11,7 +11,7 @@ PACKAGE=invirt-web PARENTPACKAGE=apache2 -GEN_FILES=(/etc/apache2/sites-available/{default,ssl,svn}) +GEN_FILES=(/etc/apache2/sites-available/{default,ssl,svn} /etc/invirt-iptables/rules.d/50-invirt-web) . /lib/init/config-init.sh config_init "$1" diff --git a/files/etc/invirt-iptables/rules.d/50-invirt-web.mako b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako new file mode 100644 index 0000000..a8f218b --- /dev/null +++ b/files/etc/invirt-iptables/rules.d/50-invirt-web.mako @@ -0,0 +1,26 @@ +<% + +from invirt.config import structs as cfg +h_port = cfg.vnc.base_port +port = cfg.vnc.base_port + +%>\ +*nat +:PREROUTING ACCEPT [5:300] +:POSTROUTING ACCEPT [8:674] +:OUTPUT ACCEPT [8:674] +% for h in cfg.hosts: +-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port} +-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip} +<% port += 1 %> +% endfor +COMMIT + +*filter +:INPUT ACCEPT [366:44912] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [292:53151] +% for h in cfg.hosts: +-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT +% endfor +COMMIT