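# Chef recipe: installs an iptables rule file plus if-up/if-down hook scripts,
# loads the NAT/masquerade kernel modules and turns on IPv4 forwarding.
# The hook scripts and the rules template ship with the cookbook and are not
# visible here, so what they do is inferred from their names only.

# Declared with action :nothing so it only runs when another resource notifies
# it (see the cookbook_file for the same path further down).
execute "iptables-load" do
  action :nothing
  command "/etc/network/if-pre-up.d/iptables-load"
end

# Rendered firewall rule set.
# NOTE(review): this template does not notify execute[iptables-load], so an
# updated rule set is written to disk but, as far as this recipe shows, is not
# applied until the pre-up hook runs again. Confirm that is intended.
# NOTE(review): 0644 leaves the rule set world-readable; consider 0600 if
# nothing other than root needs to read it.
template "/etc/iptables.rules" do
  source "iptables.rules.erb"
  mode "0644"
  owner "root"
  group "root"
end

# `modules` is supplied by another cookbook (not defined in this file).
modules "iptable_nat"
modules "ipt_MASQUERADE"

# Forwarding plus MASQUERADE makes this node route traffic for other hosts.
# NOTE(review): make sure the rules template restricts the FORWARD chain;
# that file is not visible from this recipe.
execute "enable ip_forward" do
  command "sysctl -w net.ipv4.ip_forward=1"
  # Skip the write when forwarding is already on, so the resource does not
  # report a change on every Chef run.
  not_if "sysctl -n net.ipv4.ip_forward | grep -qx 1"
end

# Persist the forwarding setting across reboots. Ownership is stated
# explicitly, matching the other root-owned resources in this recipe, and the
# content ends with a newline.
file "/etc/sysctl.d/10-ip-forwarding.conf" do
  mode "0644"
  owner "root"
  group "root"
  content "net.ipv4.ip_forward = 1\n"
end

# Hook run before an interface comes up; runs once immediately (via the
# notification) whenever the script itself is created or changed.
cookbook_file "/etc/network/if-pre-up.d/iptables-load" do
  source "iptables-load"
  mode "0755"
  owner "root"
  group "root"
  notifies :run, "execute[iptables-load]"
end

# Hook run after an interface goes down.
# NOTE(review): if this script saves the live rules to /etc/iptables.rules,
# the template above will overwrite them on the next Chef run - confirm.
cookbook_file "/etc/network/if-post-down.d/iptables-save" do
  source "iptables-save"
  mode "0755"
  owner "root"
  group "root"
end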