Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

iptables: add NETMAP Support #68985

wants to merge 2 commits into
base: devel
Choose a base branch

iptables: add NETMAP Support #68985

wants to merge 2 commits into from


Copy link

@tsia tsia commented Apr 16, 2020


adding Support for --to option for use in conjunction with -j NETMAP

  • Feature Pull Request



in ip6tables it is possible to do IPv6-to-IPv6 Network Prefix Translation by using the option -j NETMAP like this:

# iptables -t nat -A PREROUTING -d 2001:DB8::/64 -i eth0 -j NETMAP --to fd::/64

this PR would implement it like this:

- iptables:
    ip_version: ipv6
    table: nat
    chain: PREROUTING
    destination: 2001:DB8::/64
    in_interface: eth0
    jump: NETMAP
    to: fd::/64

@tsia tsia changed the title add NETMAP Support iptables: add NETMAP Support Apr 16, 2020
@ansibot ansibot added affects_2.10 core_review feature module needs_triage new_contributor support:core system labels Apr 16, 2020
Copy link

ansibot commented Apr 16, 2020

The test ansible-test sanity --test validate-modules [explain] failed with 2 errors:

lib/ansible/modules/system/ invalid-documentation: expected str @ data['options']['to']['description'][0]. Got {'Network address to map to. For use with C(jump)': 'NETMAP'}
lib/ansible/modules/system/ option-incorrect-version-added: version_added for new option (to) should be '2.10'. Currently StrictVersion ('0.0')

The test ansible-test sanity --test ansible-doc [explain] failed with the error:

Command "ansible-doc -t module iptables" returned exit status 1.
>>> Standard Error
ERROR! Expected string in description of to at index 1, got <class 'ansible.parsing.yaml.objects.AnsibleMapping'>

click here for bot help

@ansibot ansibot added needs_revision and removed core_review labels Apr 16, 2020
@mattclay mattclay added the ci_verified label Apr 16, 2020
@ansibot ansibot removed the needs_triage label Apr 16, 2020
@ansibot ansibot added core_review and removed ci_verified needs_revision labels Apr 16, 2020
@ansibot ansibot added the stale_ci label Apr 29, 2020
@ansibot ansibot added collection collection:community.general needs_collection_redirect needs_rebase needs_revision support:community and removed core_review support:core collection:community.general needs_collection_redirect labels May 15, 2020
@ansibot ansibot added support:core and removed support:community labels May 18, 2020
@ansibot ansibot added pre_azp and removed stale_ci labels Dec 5, 2020
Copy link

timsomers commented Jan 19, 2021

I just ran into this exact issue. Is there a specific reason why this merge conflict hasn't been resolved since almost a year?

@ansibot ansibot added support:community and removed support:core labels Jan 19, 2021
@ansibot ansibot added support:core and removed support:community labels Jan 27, 2021
Copy link

bcoca commented Mar 16, 2022

sorry for the delay, iptables is a funny one as it has many many options that are not always present as they depend on kernel modules being available. Currently we are of many minds on how to proceed forward:

  • add options but have them check for requierd module first
  • create a module per kernel module with it's options, don't polute the main module
  • create a system of submodules that can be dynamically added

Copy link

sivel commented Apr 13, 2022

#75415 (comment)

@sivel sivel added the iptables label Apr 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
affects_2.10 affects_2.13 collection feature iptables module needs_rebase needs_revision new_contributor pre_azp support:core system
None yet

Successfully merging this pull request may close these issues.

None yet

7 participants