Commit 165e1b30 by Bach Dániel

firewall: add SNAT rules for hosts

parent 5b10ba8a
......@@ -62,6 +62,15 @@ class BuildFirewall:
extra='-j DNAT --to-destination %s:%s' % (,
# SNAT rules for machines with public IPv4
for host in Host.objects.exclude(external_ipv4=None).select_related(
for vl_out in host.vlan.snat_to.all():
priority=1500, src=(host.ipv4, None),
extra='-o %s -j SNAT --to-source %s' % (, host.external_ipv4)))
# default outbound NAT rules for VLANs
for vl_in in Vlan.objects.exclude(
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment