modify nodes and bundles for new nftables syntax

2021-06-03 13:59:15 +02:00 · 2021-06-03 13:59:15 +02:00 · d569b00960
commit d569b00960
parent ecb67d012b
30 changed files with 172 additions and 126 deletions
--- a/bundles/unbound/files/unbound.conf
+++ b/bundles/unbound/files/unbound.conf
@ -10,8 +10,8 @@ server:

    num-threads: ${threads}

-% if node.has_bundle('iptables') and not node.has_bundle('vmhost'):
-    # Use iptables to manage access to this service
+% if node.has_bundle('nftables') and not node.has_bundle('vmhost'):
+    # Use nftables to manage access to this service
    interface: 0.0.0.0
    interface: ::0
    access-control: 0.0.0.0/0 allow
--- a/bundles/unbound/metadata.py
+++ b/bundles/unbound/metadata.py
@ -56,11 +56,11 @@ def cpu_cores_to_config_values(metadata):


@metadata_reactor.provides(
-    'iptables/port_rules',
+    'firewall/port_rules',
 )
-def iptables(metadata):
+def firewall(metadata):
    return {
-        'iptables': {
+        'firewall': {
            'port_rules': {
                '53': atomic(metadata.get('unbound/restrict-to', set())),
                '53/udp': atomic(metadata.get('unbound/restrict-to', set())),