bundles/pppd: allow dynamic configuration of nftables rules
parent
20bbb3eb8e
commit
2b06c77439
3 changed files with 11 additions and 2 deletions
|
@ -3,6 +3,9 @@
|
|||
INTERFACE=$1
|
||||
|
||||
echo "add rule nat postrouting oif $INTERFACE masquerade" > /etc/nftables-rules.d/90-pppd
|
||||
% for rule in sorted(nftables):
|
||||
echo "add rule ${rule}" >> /etc/nftables-rules.d/90-pppd
|
||||
% endfor
|
||||
echo "net.ipv6.conf.$INTERFACE.accept_ra=2" > /etc/sysctl.d/90-pppd.conf
|
||||
|
||||
if systemctl is-active nftables;
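Review bot: In the `% for rule in sorted(nftables):` loop, `${rule}` is rendered by Mako straight into a double-quoted shell string, so every metadata entry is re-interpreted by the shell each time pppd runs this hook (presumably as root). A `"` inside a rule ends the string early, and `$` or backticks are expanded or executed. If the rules are meant to be literal, shell-quote them at render time: add `<%! from shlex import quote %>` at the top of the template and emit `printf '%s\n' ${quote('add rule ' + rule)} >> /etc/nftables-rules.d/90-pppd`. If expanding `$INTERFACE` inside a rule is intended, say so in a comment and have the bundle reject entries containing `"`, backticks or `$(`. The same values arrive through the `context` entry added in the second hunk, and the script continues outside this hunk.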
|
||||
|
|
|
@ -59,6 +59,10 @@ files = {
|
|||
},
|
||||
'/etc/ppp/ip-up.d/nftables': {
|
||||
'source': 'ip-up',
|
||||
'content_type': 'mako',
|
||||
'context': {
|
||||
'nftables': node.metadata.get('pppd/nftables-rules.d', set()),
|
||||
},
|
||||
'mode': '0755',
|
||||
},
|
||||
'/etc/ppp/peers/provider': {
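Review bot: The new `context` entry passes `node.metadata.get('pppd/nftables-rules.d', set())` to the template without saying what format the entries must have. The ip-up template prepends `add rule` to each entry and iterates with `sorted()`, so every entry has to be a string holding only the rule body. I would add a comment above the key such as `# nft rule bodies without the leading "add rule"; rendered into a hook that pppd executes, so only trusted metadata belongs here`. The `files` dict starts and ends outside this hunk.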
|
||||
|
|