See the IPtables Module Reference for notes on using the basic IPtables Module.
The user may be required to add Network Address Translation (NAT) rules to the IPtables ruleset. To achieve this using the IPtables module, SIMP 1.1.3 or later is required and the iptables::add_rules input statement should be used to affect the appropriate changes.
The example below shows an IPtable NAT rule.
Example of an IPtable NAT Rule
iptables::add_rules { "nat_global":
table => "nat",
first => "true",
absolute => "true",
header => "false",
content => "
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
"
}
- iptables::add_rules { "nat_test":
table => "nat", header => "false", content => " -A PREROUTING --physdev-in eth1 -j DROP "
}