Add missing sourcenat rule

2025-11-03 04:12:31 +01:00 · 2014-08-22 16:40:55 +02:00 · 2014-08-22 16:40:55 +02:00 · f21b90a73e
commit f21b90a73e
parent 6d12d94e0c
1 changed files with 5 additions and 0 deletions
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@ -409,6 +409,11 @@ class CsIP:
            pwdsvc = CsPasswdSvc(self).setup()
        elif self.get_type() == "public":
            if self.address["source_nat"] == True:
+                cmdline = CsDataBag("cmdline")
+                dbag = cmdline.get_bag()
+                # FIXME way to VPC specific
+                vpccidr = dbag["config"]["vpccidr"]
+                fw.append(["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
                fw.append(["nat","","-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])
        route.flush()