[lxc-devel] [lxd/master] firewall: Fixes proxy nat rule dynamic family when using nftables

tomponline on Github lxc-bot at linuxcontainers.org
Tue May 19 16:38:42 UTC 2020


From 0a46bae0680a047f92ffc7e2ea055f8fb7aa7aeb Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 19 May 2020 17:37:05 +0100
Subject: [PATCH] lxd/firewall/drivers/driver/nftables/templates: Fixes proxy
 nat rule dynamic family

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/firewall/drivers/drivers_nftables_templates.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/firewall/drivers/drivers_nftables_templates.go b/lxd/firewall/drivers/drivers_nftables_templates.go
index 31551e4bcd..bd768d3572 100644
--- a/lxd/firewall/drivers/drivers_nftables_templates.go
+++ b/lxd/firewall/drivers/drivers_nftables_templates.go
@@ -71,7 +71,7 @@ chain out{{.chainSeparator}}{{.deviceLabel}} {
 chain pstrt{{.chainSeparator}}{{.deviceLabel}} {
 	type nat hook postrouting priority 100; policy accept;
 	{{- range .rules}}
-	{{.family}} saddr {{.connectHost}} ip daddr {{.connectHost}} {{.connType}} dport {{.connectPort}} masquerade
+	{{.family}} saddr {{.connectHost}} {{.family}} daddr {{.connectHost}} {{.connType}} dport {{.connectPort}} masquerade
 	{{- end}}
 }
 `))
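
Review bot: The commit message has no body and the diffstat shows only the template file changing, so nothing records what broke or guards the masquerade rule in chain pstrt against regressing. With the old line, any .family value other than ip rendered a rule that mixed address families, "{{.family}} saddr ... ip daddr ...", for the same {{.connectHost}}. Please add a sentence to the commit message describing the symptom seen with IPv6 proxy devices, and consider a test that renders this template with an IPv6 family value and checks that saddr and daddr carry the same family keyword. A short comment above the rule saying why saddr and daddr both match {{.connectHost}} would also help the next reader.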

