Update shorewall to use snat configuration file instead of masq

author Tom Hughes <tom@compton.nu>

Mon, 11 Jul 2022 07:42:52 +0000 (08:42 +0100)

committer Tom Hughes <tom@compton.nu>

Mon, 11 Jul 2022 07:50:08 +0000 (08:50 +0100)
author Tom Hughes <tom@compton.nu>
Mon, 11 Jul 2022 07:42:52 +0000 (08:42 +0100)
committer Tom Hughes <tom@compton.nu>
Mon, 11 Jul 2022 07:50:08 +0000 (08:50 +0100)
diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb

index 3a30f20f969ede3e6f314e27b6a4867d702cd5dd..162e0c3a86f569ad3be98a86fea81e9da2ab42b4 100644 (file)
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -512,16 +512,24 @@ if node[:networking][:wireguard][:enabled]
    end
  end
  
+file "/etc/shorewall/masq" do
+  action :delete
+end
+
+file "/etc/shorewall/masq.bak" do
+  action :delete
+end
+
  if node[:roles].include?("gateway")
-  template "/etc/shorewall/masq" do
-    source "shorewall-masq.erb"
+  template "/etc/shorewall/snat" do
+    source "shorewall-snat.erb"
      owner "root"
      group "root"
      mode "644"
      notifies :restart, "service[shorewall]"
    end
  else
-  file "/etc/shorewall/masq" do
+  file "/etc/shorewall/snat" do
      action :delete
      notifies :restart, "service[shorewall]"
    end
diff --git a/cookbooks/networking/templates/default/shorewall-masq.erb b/cookbooks/networking/templates/default/shorewall-masq.erb

deleted file mode 100644 (file)

index 856f60e..0000000
--- a/cookbooks/networking/templates/default/shorewall-masq.erb
+++ /dev/null
@@ -1,8 +0,0 @@
-# DO NOT EDIT - This file is being maintained by Chef
-
-# INTERFACE    SOURCE          ADDRESS
-<% node.interfaces(:role => :external).each do |external| -%>
-<% node.interfaces(:role => :internal).each do |internal| -%>
-<%= external[:interface] %>            <%= internal[:network] %>/<%= internal[:prefix] %>      detect
-<% end -%>
-<% end -%>
diff --git a/cookbooks/networking/templates/default/shorewall-snat.erb b/cookbooks/networking/templates/default/shorewall-snat.erb

new file mode 100644 (file)

index 0000000..59c6da6
--- /dev/null
+++ b/cookbooks/networking/templates/default/shorewall-snat.erb
@@ -0,0 +1,8 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+# ACTION        SOURCE          DEST            PROTO   PORT   IPSEC  MARK   USER    SWITCH  ORIGDEST   PROBABILITY
+<% node.interfaces(:role => :external).each do |external| -%>
+<% node.interfaces(:role => :internal).each do |internal| -%>
+SNAT(detect)   <%= internal[:network] %>/<%= internal[:prefix] %>      <%= external[:interface] %>
+<% end -%>
+<% end -%>
author	Tom Hughes <tom@compton.nu>
	Mon, 11 Jul 2022 07:42:52 +0000 (08:42 +0100)
committer	Tom Hughes <tom@compton.nu>
	Mon, 11 Jul 2022 07:50:08 +0000 (08:50 +0100)
cookbooks/networking/recipes/default.rb		patch \| blob \| history
cookbooks/networking/templates/default/shorewall-masq.erb	[deleted file]	patch \| blob \| history
cookbooks/networking/templates/default/shorewall-snat.erb	[new file with mode: 0644]	patch \| blob