From 4b148a2c29a78cc07930d665283e5691a5d2156d Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Wed, 26 Jul 2017 13:13:32 -0400
Subject: propellor spin
---
 src/Propellor/Property/SiteSpecific/JoeySites.hs | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'src/Propellor/Property/SiteSpecific')
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 6e0d6c4e..499409e0 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -929,3 +929,22 @@ alarmClock oncalendar (User user) command = combineProperties "goodmorning timer
 & Systemd.started "goodmorning.timer"
 & "/etc/systemd/logind.conf" `ConfFile.containsIniSetting`
 ("Login", "LidSwitchIgnoreInhibited", "no")
+
+-- | Enable IP masqerading, from the intif to the extif.
+ipmasq :: String -> String -> Property DebianLike
+ipmasq extif intif = script `File.hasContent`
+ [ "#!/bin/sh"
+ , "EXTIF=" ++ extif
+ , "INTIF=" ++ intif
+ , "if [ \"$IFACE\" != $EXTIF; then"
+ , "exit 0"
+ , "fi"
+ , "iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT"
+ , "iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT"
+ , "iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE"
+ , "echo 1 > /proc/sys/net/ipv4/ip_forward"
+ ]
+ `requires` Apt.installed ["iptables"]
+ `before` (script `File.mode` combineModes (readModes ++ executeModes))
+ where
+ script = "/etc/network/if-up.d/ipmasq"
-- cgit v1.2.3
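Review bot: The generated guard line `"if [ \"$IFACE\" != $EXTIF; then"` in `ipmasq` has no closing `]`, so `[` exits with an error, the condition is treated as false and the `exit 0` branch is never taken. As a result the script falls through to the iptables commands on every if-up event, for any interface, and because the rules use `-A` each run appends another copy of the FORWARD and MASQUERADE rules. The line should read `, "if [ \"$IFACE\" != \"$EXTIF\" ]; then"`, with `$EXTIF` quoted so an empty or unusual value cannot break the test. Separately, `extif` and `intif` are spliced unquoted into a root-run shell script; if they can ever come from anything other than a literal in the host config, they should be validated as interface names or the assignments quoted. The doc comment also has a typo, "masqerading" for "masquerading".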