dataset/seed/host-systemd-machined/templates/risottofirewall.service

26 lines
791 B
SYSTEMD
Raw Permalink Normal View History

2022-06-29 11:44:01 +02:00
[Unit]
Description=Firewall for Risotto
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
2022-06-29 11:44:01 +02:00
%for %%dns in %%machined.machines
%set %%machine = %%normalize_family(%%dns)
%set %%outgoing = %%machined['machine_' + %%machine]['outgoing_ports_' + %%machine]
%if %%outgoing
%for %%port in %%outgoing
%if ':' in %%port
%set %%protocol, %%port = %%port.split(':')
%else
%set %%protocol = 'tcp'
%end if
ExecStart=/sbin/iptables -t nat -A POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
ExecStop=-/sbin/iptables -t nat -D POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o %%output_interface -j MASQUERADE
2022-06-29 11:44:01 +02:00
%end for
%end if
%end for
[Install]
WantedBy=multi-user.target