I also need to figure out how to code this rule:

-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill

--checksum-fill is not supported in puppet-iptables, right? Or can arbitrary iptables parameters be passed along somehow?

I am using the purge option... How would you manage iptables when some rules cannot be managed by Puppet, while most can?

Thanks a lot,
Mohamed.

On Sun, Apr 22, 2012 at 11:12 AM, Mohamed Lrhazi <lrh...@gmail.com> wrote:
> If negation is not possible, then maybe I can just use two rules?
>
> firewall { '100 snat for network foo2':
>   chain => 'POSTROUTING',
>   action => 'accept',
>   proto => 'all',
>   source => ['192.168.122.0/24'],
>   destination => ['192.168.122.0/24'],
>   table => 'nat',
> }
> firewall { '101 snat for network foo2':
>   chain => 'POSTROUTING',
>   jump => 'MASQUERADE',
>   proto => 'all',
>   source => ['192.168.122.0/24'],
>   table => 'nat',
> }
>
>
> On Sun, Apr 22, 2012 at 11:02 AM, Mohamed Lrhazi <lrh...@gmail.com> wrote:
>> Hello,
>>
>> How do I code this rule, which I believe says: NOT dest = 192.168.122.0/24:
>>
>> -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
>>
>>
>> Thanks,
>> Mohamed.
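
Added example, not part of the original thread: a small Python model of first-match rule evaluation that compares the negated "! -d" rule with the two-rule ACCEPT-then-MASQUERADE form quoted above. The sample packets are constructed, the model ignores --to-ports, and it assumes no other rules in the chain.

```python
from ipaddress import ip_address, ip_network

NET = ip_network("192.168.122.0/24")

# Rule tuple: (proto, source net, destination net or None, negate destination, target)
# Original iptables rule: -s NET ! -d NET -p tcp -j MASQUERADE
NEGATED = [("tcp", NET, NET, True, "MASQUERADE")]
# Two-rule form from the quoted Puppet resources (both use proto => 'all')
TWO_RULES = [
    ("all", NET, NET, False, "ACCEPT"),       # 100: stop traversal, no NAT
    ("all", NET, None, False, "MASQUERADE"),  # 101: NAT everything else from NET
]

def matches(rule, proto, src, dst):
    r_proto, r_src, r_dst, negate_dst, _target = rule
    if r_proto != "all" and r_proto != proto:
        return False
    if ip_address(src) not in r_src:
        return False
    if r_dst is None:
        return True
    # "! -d" inverts the destination test
    return (ip_address(dst) in r_dst) != negate_dst

def verdict(chain, proto, src, dst):
    """Return the target of the first matching rule, or POLICY if none match."""
    for rule in chain:
        if matches(rule, proto, src, dst):
            return rule[4]
    return "POLICY"

def natted(chain, proto, src, dst):
    return verdict(chain, proto, src, dst) == "MASQUERADE"

# Constructed sample packets: (proto, source, destination)
SAMPLES = [
    ("tcp", "192.168.122.10", "192.168.122.20"),  # inside -> inside
    ("tcp", "192.168.122.10", "203.0.113.5"),     # inside -> outside
    ("udp", "192.168.122.10", "203.0.113.5"),     # non-TCP, inside -> outside
    ("tcp", "10.0.0.1", "203.0.113.5"),           # unrelated source
]

def differences():
    """Packets for which the two rule sets disagree on whether NAT is applied."""
    return [p for p in SAMPLES if natted(NEGATED, *p) != natted(TWO_RULES, *p)]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "negated:", verdict(NEGATED, *p), "two-rule:", verdict(TWO_RULES, *p))
    print("disagree on:", differences())
```

The two forms agree for TCP; they diverge only because the quoted resources use proto => 'all' while the original rule is limited to -p tcp.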