Beispiel #1
0
func setupIPTables(bridgeName, natIface string) error {
	nat := []string{"POSTROUTING", "-t", "nat", "-o", natIface, "-j", "MASQUERADE"}
	if !iptables.Exists(nat...) {
		if output, err := iptables.Raw(append([]string{"-I"}, nat...)...); err != nil {
			return fmt.Errorf("unable to enable network bridge NAT: %s", err)
		} else if len(output) != 0 {
			return fmt.Errorf("unknown error creating bridge NAT rule: %s", output)
		}
	}

	forward := []string{"FORWARD", "-i", bridgeName, "-j", "ACCEPT"}
	if !iptables.Exists(forward...) {
		if output, err := iptables.Raw(append([]string{"-I"}, forward...)...); err != nil {
			return fmt.Errorf("unable to enable forwarding: %s", err)
		} else if len(output) != 0 {
			return fmt.Errorf("unknown error enabling forwarding: %s", output)
		}
	}

	return nil
}
Beispiel #2
0
func cleanupIPTables(bridgeName string) {
	// Delete the forwarding rule. The postrouting rule does not need deletion
	// as there is usually only one per box and it doesn't change.
	iptables.Raw("-D", "FORWARD", "-i", bridgeName, "-j", "ACCEPT")
}