iptables: option to configure Source NAT (#2292)

* Clean up trailing whitespace * Add `--to-source` option to allow Source NAT (fix for #2291)
2016-05-26 12:51:31 -04:00 · 2016-05-26 12:51:31 -04:00 · 3ca06bf1c8
commit 3ca06bf1c8
parent 1ea51b2f99
1 changed files with 11 additions and 2 deletions
--- a/system/iptables.py
+++ b/system/iptables.py
@ -226,6 +226,13 @@ options:
        this, the destination address is never altered."
    required: false
    default: null
+  to_source:
+    version_added: "2.2"
+    description:
+      - "This specifies a source address to use with SNAT: without
+        this, the source address is never altered."
+    required: false
+    default: null
  set_dscp_mark:
    version_added: "2.1"
    description:
@ -336,6 +343,7 @@ def construct_rule(params):
    append_param(rule, params['match'], '-m', True)
    append_param(rule, params['jump'], '-j', False)
    append_param(rule, params['to_destination'], '--to-destination', False)
+    append_param(rule, params['to_source'], '--to-source', False)
    append_param(rule, params['goto'], '-g', False)
    append_param(rule, params['in_interface'], '-i', False)
    append_param(rule, params['out_interface'], '-o', False)
@ -401,6 +409,7 @@ def main():
            chain=dict(required=True, default=None, type='str'),
            protocol=dict(required=False, default=None, type='str'),
            source=dict(required=False, default=None, type='str'),
+            to_source=dict(required=False, default=None, type='str'),
            destination=dict(required=False, default=None, type='str'),
            to_destination=dict(required=False, default=None, type='str'),
            match=dict(required=False, default=[], type='list'),