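// setupIPTables installs the two iptables rules a container bridge needs:
//
//   - nat/POSTROUTING: "-o natIface -j MASQUERADE", so traffic leaving the
//     host through natIface is source-NATed;
//   - filter/FORWARD:  "-i bridgeName -j ACCEPT", so packets arriving on the
//     bridge are allowed to be forwarded.
//
// Each rule is added only if an identical one is not already present, so
// the function is safe to call repeatedly. It returns an error describing
// the first rule that could not be installed.
//
// Caveats a reviewer should be aware of (all visible in the rules below):
//
//   - The MASQUERADE rule is not restricted to a source subnet, so it
//     NATs every forwarded packet that leaves via natIface, not only those
//     originating from bridgeName.
//   - Rules are inserted with "-I" (no rule number), i.e. at the top of the
//     chain, ahead of any rules an administrator already placed there.
//   - The FORWARD rule only matches ingress from the bridge; return traffic
//     toward the bridge is left to whatever the chain's existing rules or
//     default policy allow.
//   - Exists and the insert are two separate iptables invocations, so a
//     concurrent caller could race between the check and the insert and
//     end up with a duplicate rule.
func setupIPTables(bridgeName, natIface string) error {
	nat := []string{"POSTROUTING", "-t", "nat", "-o", natIface, "-j", "MASQUERADE"}
	if err := ensureIPTablesRule(nat,
		"unable to enable network bridge NAT",
		"unknown error creating bridge NAT rule"); err != nil {
		return err
	}

	forward := []string{"FORWARD", "-i", bridgeName, "-j", "ACCEPT"}
	if err := ensureIPTablesRule(forward,
		"unable to enable forwarding",
		"unknown error enabling forwarding"); err != nil {
		return err
	}
	return nil
}

// ensureIPTablesRule inserts rule (chain followed by its match/target
// arguments) at the top of its chain unless an identical rule already
// exists. insertErr prefixes the error returned when iptables fails;
// outputErr prefixes the error returned when iptables succeeds but prints
// something, which is treated as an unexpected condition rather than
// silently accepted.
func ensureIPTablesRule(rule []string, insertErr, outputErr string) error {
	if iptables.Exists(rule...) {
		return nil
	}
	// "-I" with no position inserts as rule 1 of the chain.
	output, err := iptables.Raw(append([]string{"-I"}, rule...)...)
	if err != nil {
		return fmt.Errorf("%s: %s", insertErr, err)
	}
	if len(output) != 0 {
		return fmt.Errorf("%s: %s", outputErr, output)
	}
	return nil
}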
// cleanupIPTables removes the FORWARD "-i bridgeName -j ACCEPT" rule that
// setupIPTables installed for this bridge.
//
// The call is best effort: whatever iptables returns (including the error
// for a rule that is already gone) is deliberately discarded. The
// nat/POSTROUTING MASQUERADE rule is intentionally left in place -- it is
// keyed on the NAT interface rather than on bridgeName, there is usually
// only one per box, and it does not change between bridges.
func cleanupIPTables(bridgeName string) {
	forwardRule := []string{"-D", "FORWARD", "-i", bridgeName, "-j", "ACCEPT"}
	_, _ = iptables.Raw(forwardRule...)
}