  1. Modules
  2. MODULES-472

nosource, nodestination => ! -d, ! -s

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels:
      None
    • Environment:

      I would like to generate this rule:
      -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535

      Description

      Today there is no way to negate source, destination IP and port in rules; this feature should be useful for more people.

      I think that no- before the option is a cool way to define it. For example:

          firewall { '102 example rule':
              proto => 'tcp',
              no-dport => ['80', '443'],
              no-source => '123.321.22.33',
              action => 'accept'
          }

          firewall { '110 KVM DEFAULT NET':
              chain => 'POSTROUTING',
              jump => 'MASQUERADE',
              proto => 'tcp',
              source => '192.168.122.0/24',
              no-destination => '192.168.122.0/24',
              table => 'nat',
              toports => '1024-65535',
          }
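
The mapping this request asks for, sketched in Ruby as an added example; it is not the firewall module's code and is not part of the original ticket. `render_rule`, `pick` and the constant names are hypothetical, and the `no-` attribute names are the ticket's proposed syntax, not an existing module parameter.

```ruby
# Added illustration, not puppetlabs-firewall code: render a rule hash that
# uses the ticket's proposed "no-" prefix into iptables arguments.
ADDRESS_FLAGS = { 'source' => '-s', 'destination' => '-d' }.freeze
PORT_FLAGS    = { 'sport' => '--sports', 'dport' => '--dports' }.freeze

# Return [value, negated] for one attribute. Setting both the plain and the
# "no-" form is contradictory, so fail instead of silently picking one.
def pick(attrs, name)
  plain = attrs[name]
  negated = attrs["no-#{name}"]
  raise ArgumentError, "#{name} and no-#{name} are both set" if plain && negated
  [plain || negated, !negated.nil?]
end

# Hypothetical helper. 'table' selects the iptables table (-t) and is not part
# of the rule line, so it is ignored here.
def render_rule(attrs)
  attrs = attrs.transform_keys(&:to_s)
  args = ['-A', attrs.fetch('chain', 'INPUT')]
  ADDRESS_FLAGS.each do |name, flag|
    value, negated = pick(attrs, name)
    next unless value
    args << '!' if negated
    args << flag << value
  end
  args << '-p' << attrs['proto'] if attrs['proto']
  PORT_FLAGS.each do |name, flag|
    value, negated = pick(attrs, name)
    next unless value
    raise ArgumentError, "#{name} requires proto" unless attrs['proto']
    args << '-m' << 'multiport'
    args << '!' if negated
    args << flag << Array(value).join(',')
  end
  target = attrs['jump'] || attrs['action']&.upcase
  args << '-j' << target if target
  args << '--to-ports' << attrs['toports'] if attrs['toports']
  args.join(' ')
end

# The ticket's second resource, written as a plain hash.
KVM_RULE = {
  'chain' => 'POSTROUTING', 'jump' => 'MASQUERADE', 'proto' => 'tcp',
  'source' => '192.168.122.0/24', 'no-destination' => '192.168.122.0/24',
  'table' => 'nat', 'toports' => '1024-65535'
}.freeze
puts render_rule(KVM_RULE)
```

Rejecting a rule that sets both `source` and `no-source` matters for a firewall: quietly dropping either one changes which traffic the rule matches.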
      

              People

              Assignee:
              Unassigned
              Reporter:
              masicz Marek Sirovy