enable ipset-based masquerading

author: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2012-03-01 14:31:45 +0000
committer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2012-03-01 14:31:45 +0000
commit: 8d6917d7fffdb10b3e37849a03847abdcc552608 (patch)
tree: d7797c8b17d1a41c5a35db7993b26704eef5dc07 /awall
parent: e062156947cbcb17fdaf7fe7bf398a766924f2d3 (diff)
download: awall-8d6917d7fffdb10b3e37849a03847abdcc552608.tar.bz2
awall-8d6917d7fffdb10b3e37849a03847abdcc552608.tar.xz
1 files changed, 5 insertions, 5 deletions
diff --git a/awall/modules/nat.lua b/awall/modules/nat.lua
index 4327f4c..7c632f0 100644
--- a/awall/modules/nat.lua
+++ b/awall/modules/nat.lua
@@ -76,8 +76,8 @@ end
 
 classmap = {dnat=DNATRule, snat=SNATRule}
 
-defrules = {}
-
--- TODO configuration of _nat ipset via config.json
---defrules = {{family='ip4', table='nat', chain='POSTROUTING',
---	     opts='-m set --match-set _nat src ! --match-set _nat dst -j MASQUERADE'}}
+-- TODO configuration of the ipset via JSON config
+defrules = {{family='ip4', table='nat', chain='POSTROUTING',
+	     opts='-m set --match-set awall-masquerade src -j awall-masquerade'},
+	    {family='ip4', table='nat', chain='awall-masquerade',
+	     opts='-m set ! --match-set awall-masquerade dst -j MASQUERADE'}}
author	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2012-03-01 14:31:45 +0000
committer	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2012-03-01 14:31:45 +0000
commit	8d6917d7fffdb10b3e37849a03847abdcc552608 (patch)
tree	d7797c8b17d1a41c5a35db7993b26704eef5dc07 /awall
parent	e062156947cbcb17fdaf7fe7bf398a766924f2d3 (diff)
download	awall-8d6917d7fffdb10b3e37849a03847abdcc552608.tar.bz2 awall-8d6917d7fffdb10b3e37849a03847abdcc552608.tar.xz