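# Firewall unit template for Risotto. Once rendered, it is a oneshot service
# that adds one NAT MASQUERADE rule per machine and declared outgoing port.
[Unit]
Description=Firewall for Risotto
After=network.target

[Service]
Type=oneshot
# Keep the unit active after the ExecStart commands have finished. Without
# this, a oneshot unit becomes inactive as soon as the last ExecStart exits;
# systemd then runs the ExecStop commands, so the rules would be deleted
# right after being added.
RemainAfterExit=yes
# The loop below emits one ExecStart/ExecStop pair per machine and outgoing
# port. An entry is either "port" (protocol defaults to tcp) or
# "protocol:port".
# Protocol and port are written into the iptables command line exactly as
# given, so they must be validated where the outgoing port list is defined
# (NOTE(review): no validation is visible in this template).
# ExecStop is prefixed with "-" so that a rule which is already gone does not
# make the stop fail.
# The egress interface is fixed to enp3s0.
%for %%dns in %%machined.machines
%set %%machine = %%normalize_family(%%dns)
%set %%outgoing = %%machined['machine_' + %%machine]['outgoing_ports_' + %%machine]
%if %%outgoing
%for %%port in %%outgoing
%if ':' in %%port
%set %%protocol, %%port = %%port.split(':')
%else
%set %%protocol = 'tcp'
%end if
ExecStart=/sbin/iptables -t nat -A POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o enp3s0 -j MASQUERADE
ExecStop=-/sbin/iptables -t nat -D POSTROUTING -s %%get_ip(%%dns) -p %%protocol -m %%protocol --dport %%port -o enp3s0 -j MASQUERADE
%end for
%end if
%end for

[Install]
WantedBy=multi-user.target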