bundles/docker-ce: sort nftables rules
parent
cb4d28c994
commit
d282d77a99
1 changed files with 5 additions and 10 deletions
|
@ -12,14 +12,6 @@ defaults = {
|
||||||
'docker-ce-cli': {},
|
'docker-ce-cli': {},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'nftables': {
|
|
||||||
'rules': {
|
|
||||||
'00-docker-ce': {
|
|
||||||
'inet filter forward ct state { related, established } accept',
|
|
||||||
'inet filter forward iifname docker0 accept',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -27,7 +19,10 @@ defaults = {
|
||||||
'nftables/rules/00-docker-ce',
|
'nftables/rules/00-docker-ce',
|
||||||
)
|
)
|
||||||
def nftables_nat(metadata):
|
def nftables_nat(metadata):
|
||||||
rules = set()
|
rules = {
|
||||||
|
'inet filter forward ct state { related, established } accept',
|
||||||
|
'inet filter forward iifname docker0 accept',
|
||||||
|
}
|
||||||
|
|
||||||
for iface in metadata.get('interfaces'):
|
for iface in metadata.get('interfaces'):
|
||||||
rules.add(f'nat postrouting oifname {iface} masquerade')
|
rules.add(f'nat postrouting oifname {iface} masquerade')
|
||||||
|
@ -35,7 +30,7 @@ def nftables_nat(metadata):
|
||||||
return {
|
return {
|
||||||
'nftables': {
|
'nftables': {
|
||||||
'rules': {
|
'rules': {
|
||||||
'00-docker-ce': rules,
|
'00-docker-ce': sorted(rules),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
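Review bot: In the third hunk, `'00-docker-ce': sorted(rules)` makes the alphabetical order of the rule strings the order of the list that is published under `nftables/rules/00-docker-ce`, which is stable but not deliberately chosen. For the two forward accepts and the masquerade rules built here the order does not matter, but a `drop` or `reject` string added to this set later would land wherever its text happens to sort. I would put a comment above the `return`, for example `# sorted() only keeps the rendered ruleset stable between runs; every rule in this set must be order-independent`. The loop in the second hunk also emits a masquerade rule for every entry of `metadata.get('interfaces')`, so it is worth confirming that internal-facing interfaces are meant to be NATed too. How the nftables bundle renders this list is not visible on this page, and the decorator of `nftables_nat` starts above the second hunk.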