IPtables NAT Rules

See the IPtables Module Reference for notes on using the basic IPtables Module.

Add NAT Rules

The user may be required to add Network Address Translation (NAT) rules to the IPtables ruleset. Doing this with the IPtables module requires SIMP 1.1.3 or later, and the iptables::add_rules statement should be used to make the appropriate changes.

The example below shows an IPtables NAT rule.

Example of an IPtables NAT Rule

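# Declare the built-in chains of the nat table with their default policies.
iptables::add_rules { "nat_global":
  table    => "nat",
  first    => "true",
  absolute => "true",
  header   => "false",
  content  => "
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    "
}

# Add a rule to the nat table. Each rule must sit on a single line, and
# --physdev-in is only recognized after the physdev match is loaded (-m physdev).
iptables::add_rules { "nat_test":
  table   => "nat",
  header  => "false",
  content => "
    -A PREROUTING -m physdev --physdev-in eth1 -j DROP
    "
}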
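
The following lint is an added example, not part of the SIMP module or its documentation. It checks the text passed in a content parameter before it goes into a manifest and flags fragments that would not load, such as a rule wrapped across two lines, a --physdev-in option without -m physdev, or a rule for a chain that was never declared. The function name lint_fragment and the sample strings are assumptions made for the example.

```python
import re

# Constructed samples: the chain declarations from nat_global above, a rule that
# has been wrapped across two lines, and the same rule on a single line.
NAT_GLOBAL = ":PREROUTING ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n"
WRAPPED_RULE = "-A PREROUTING --physdev-in\neth1 -j DROP\n"
FIXED_RULE = "-A PREROUTING -m physdev --physdev-in eth1 -j DROP\n"

CHAIN_DECL = re.compile(r"^:(\S+) (ACCEPT|DROP|-) \[\d+:\d+\]$")
RULE = re.compile(r"^-A (\S+)\s")

def lint_fragment(content, declared=()):
    """Return (chains, problems) for one iptables-save style fragment."""
    chains, problems = set(declared), []
    for n, raw in enumerate(content.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        decl = CHAIN_DECL.match(line)
        if decl:  # ":CHAIN POLICY [packets:bytes]"
            chains.add(decl.group(1))
            continue
        rule = RULE.match(line)
        if not rule:  # e.g. the tail of a rule that was split over two lines
            problems.append(f"line {n}: not a chain declaration or -A rule: {line!r}")
            continue
        tokens = line.split()
        if rule.group(1) not in chains:
            problems.append(f"line {n}: chain {rule.group(1)} is not declared")
        # A rule without a target is legal (it only counts packets), but in a
        # DROP/ACCEPT ruleset it usually means the line was wrapped.
        if "-j" not in tokens and "-g" not in tokens:
            problems.append(f"line {n}: rule has no -j/-g target")
        if any(t.startswith("--physdev") for t in tokens) and "-m physdev" not in line:
            problems.append(f"line {n}: --physdev-* options need -m physdev")
    return chains, problems

if __name__ == "__main__":
    chains, problems = lint_fragment(NAT_GLOBAL)
    for name, frag in (("wrapped", WRAPPED_RULE), ("fixed", FIXED_RULE)):
        for msg in lint_fragment(frag, chains)[1] or ["ok"]:
            print(f"{name}: {msg}")
```

Passing the chains returned for nat_global into the check of a later fragment mirrors the ordering in the manifest, where the chain declarations are placed first.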