modify nodes and bundles for new nftables syntax

2021-06-03 13:59:15 +02:00 · 2021-06-03 13:59:15 +02:00 · d569b00960
commit d569b00960
parent ecb67d012b
30 changed files with 172 additions and 126 deletions
--- a/bundles/wide-dhcp6c/metadata.py
+++ b/bundles/wide-dhcp6c/metadata.py
@ -4,12 +4,14 @@ defaults = {
            'wide-dhcpv6-client': {},
        },
    },
-    'iptables': {
-        'bundle_rules': {
-            'wide-dhcp6c': [
-                'ip6tables -A INPUT -p udp -s ff00::/12 -j ACCEPT',
-                'ip6tables -A INPUT -p udp -s fe80::/10 -j ACCEPT',
-            ],
+    'nftables': {
+        'rules': {
+            'input': {
+                'wide-dhcp6c': [
+                    'udp dport { 546, 547 } ip6 saddr ff00::/12 accept',
+                    'udp dport { 546, 547 } ip6 saddr fe80::/10 accept',
+                ],
+            },
        },
    },
    'icinga2_api': {