Hello,

How do I code this rule, which I believe says: NOT dest = 192.168.122.0/24 :

    -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535

Thanks,
Mohamed.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Mohamed Lrhazi
2012-Apr-22 15:12 UTC
[Puppet Users] Re: puppetlabs-firewall: negate operator?
If negation is not possible, then maybe I can just use two rules?

    firewall { '100 snat for network foo2':
      chain       => 'POSTROUTING',
      action      => 'accept',
      proto       => 'all',
      source      => ['192.168.122.0/24'],
      destination => ['192.168.122.0/24'],
      table       => 'nat',
    }
    firewall { '101 snat for network foo2':
      chain  => 'POSTROUTING',
      jump   => 'MASQUERADE',
      proto  => 'all',
      source => ['192.168.122.0/24'],
      table  => 'nat',
    }

On Sun, Apr 22, 2012 at 11:02 AM, Mohamed Lrhazi <lrhazi@gmail.com> wrote:
> Hello,
>
> How do I code this rule, which I believe says: NOT dest = 192.168.122.0/24 :
>
> -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j
> MASQUERADE --to-ports 1024-65535
>
> Thanks,
> Mohamed.
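An added check, not code from the thread or from puppetlabs-firewall: a small Python model of first-match evaluation in the nat POSTROUTING chain, run over constructed sample packets, to test whether "ACCEPT same-subnet traffic, then MASQUERADE the rest" selects the same packets as the single rule with `! -d`. It also shows the two ways the posted manifest can drift from the original rule: the numeric prefixes (100 before 101) decide the order, and `proto => 'all'` is wider than the original `-p tcp`.

```python
# Added example, not code from the thread or from puppetlabs-firewall: a toy
# model of first-match evaluation in the nat POSTROUTING chain, used to check
# whether "ACCEPT same-subnet, then MASQUERADE" equals "! -d subnet".
import ipaddress

LAN = ipaddress.ip_network("192.168.122.0/24")

def rule(target, src=None, dst=None, dst_negate=False, proto="all"):
    """One POSTROUTING rule; None means 'any address'."""
    return {"target": target, "src": src, "dst": dst,
            "dst_negate": dst_negate, "proto": proto}

def matches(r, pkt):
    src, dst, proto = pkt
    if r["src"] is not None and ipaddress.ip_address(src) not in r["src"]:
        return False
    if r["dst"] is not None:
        in_dst = ipaddress.ip_address(dst) in r["dst"]
        if in_dst == r["dst_negate"]:  # "! -d" inverts the destination match
            return False
    if r["proto"] != "all" and r["proto"] != proto:
        return False
    return True

def postrouting(chain, pkt):
    """Target of the first matching rule, else the chain policy (ACCEPT).
    In the nat table a terminating ACCEPT means no NAT for that connection."""
    for r in chain:
        if matches(r, pkt):
            return r["target"]
    return "ACCEPT"
# The rule from the question (tcp only) and its proto-agnostic form.
ORIGINAL_TCP = [rule("MASQUERADE", src=LAN, dst=LAN, dst_negate=True, proto="tcp")]
NEGATED_ALL = [rule("MASQUERADE", src=LAN, dst=LAN, dst_negate=True)]
# The workaround from the reply: resource 100 is evaluated before 101.
TWO_RULES = [rule("ACCEPT", src=LAN, dst=LAN), rule("MASQUERADE", src=LAN)]
# The same two resources with their numeric prefixes swapped.
WRONG_ORDER = list(reversed(TWO_RULES))
SAMPLE = [  # constructed (src, dst, proto) packets; 198.51.100.0/24 is TEST-NET-2
    ("192.168.122.10", "192.168.122.20", "tcp"),  # guest to guest
    ("192.168.122.10", "198.51.100.7", "tcp"),    # guest to the outside
    ("192.168.122.10", "198.51.100.53", "udp"),   # guest DNS query to the outside
    ("10.0.0.5", "192.168.122.10", "tcp"),        # not from the guest subnet
]

def equivalent(chain_a, chain_b, packets=SAMPLE):
    """True when both chains pick the same target for every sample packet."""
    return all(postrouting(chain_a, p) == postrouting(chain_b, p) for p in packets)
```

The proto difference is what the UDP sample exposes: the posted pair masquerades the guest's UDP traffic, which the original `-p tcp` rule left untouched.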
Mohamed Lrhazi
2012-Apr-24 14:30 UTC
[Puppet Users] Re: puppetlabs-firewall: negate operator?
I also need to figure out how to code this rule:

    -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill

--checksum-fill is not supported in puppet-iptables, right? Or can arbitrary iptables parameters be passed along somehow?

I am using the purge option... How would you manage iptables when some rules cannot be managed by puppet, while most can?

Thanks a lot,
Mohamed.

On Sun, Apr 22, 2012 at 11:12 AM, Mohamed Lrhazi <lrhazi@gmail.com> wrote:
> If negation is not possible, then maybe I can just use two rules?
>
> firewall { '100 snat for network foo2':
>   chain       => 'POSTROUTING',
>   action      => 'accept',
>   proto       => 'all',
>   source      => ['192.168.122.0/24'],
>   destination => ['192.168.122.0/24'],
>   table       => 'nat',
> }
> firewall { '101 snat for network foo2':
>   chain  => 'POSTROUTING',
>   jump   => 'MASQUERADE',
>   proto  => 'all',
>   source => ['192.168.122.0/24'],
>   table  => 'nat',
> }
>
> On Sun, Apr 22, 2012 at 11:02 AM, Mohamed Lrhazi <lrhazi@gmail.com> wrote:
>> Hello,
>>
>> How do I code this rule, which I believe says: NOT dest = 192.168.122.0/24 :
>>
>> -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j
>> MASQUERADE --to-ports 1024-65535
>>
>> Thanks,
>> Mohamed.