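# Uplink interface: the device of the (first) IPv4 default route. The script
# already depends on iproute2 for "ip addr", so "ip route" is used here too
# instead of the net-tools "route" command, and the result is quoted wherever
# it is reused so an odd interface name cannot be word-split.
NIC=$( ip -4 route show default | awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }' )
: "${NIC:?no IPv4 default route found; cannot determine the uplink interface}"

# Portal address. "dig +short" may print a CNAME chain before the A record,
# hence "tail -1". Fail early when resolution returned nothing or something
# that is not made of digits and dots: an empty value would later turn
# "-s $PORTAL -j ACCEPT" into a malformed firewall rule.
PORTAL=$( dig +short portal.opencloud.us | tail -1 )
case $PORTAL in
  ''|*[!0-9.]*)
    printf 'error: portal.opencloud.us did not resolve to an IPv4 address: "%s"\n' "$PORTAL" >&2
    exit 1
    ;;
esac

# Primary IPv4 address/prefix of the uplink interface (first one if several,
# so the value is always a single token when expanded into iptables args).
SUBNET=$( ip -4 addr show "$NIC" | awk '$1 == "inet" { print $2; exit }' )
: "${SUBNET:?no IPv4 address configured on $NIC}"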
| {% set vm_net = ( virt_nets | selectattr("head_vms", "defined") | first ) %} |
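# IPv4 address/prefix of the head-VM network interface (vm_net is selected by
# the Jinja "set" directive above). The rendered interface name is quoted so
# an unexpected name cannot be split into extra "ip" arguments, and only the
# first address is taken so the value stays a single token in iptables args.
PRIVATENET=$( ip -4 addr show "{{ vm_net.name }}" | awk '$1 == "inet" { print $2; exit }' )
: "${PRIVATENET:?no IPv4 address configured on the head-VM network interface}"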
| iptables -I $CHAIN 1 $ARGS |
| add_local_access_rules() { |
| add_rule "FORWARD" "-s $SUBNET -j ACCEPT" |
| # Don't NAT traffic from service VMs destined to the local subnet |
| add_rule "POSTROUTING" "-t nat -s $PRIVATENET -d $SUBNET -j RETURN" |
| add_portal_access_rules() { |
| add_rule "FORWARD" "-s $PORTAL -j ACCEPT" |
| add_rule "FORWARD" "-p tcp --dport 80 -j ACCEPT" |