include search domain
parent
ad59e4fcfa
commit
3d9b4ad687
18
functions
18
functions
@ -6,9 +6,9 @@
|
|||||||
# Defines a service residing in a given container
|
# Defines a service residing in a given container
|
||||||
@def &def_service($service, $container, $proto, $port) = {
|
@def &def_service($service, $container, $proto, $port) = {
|
||||||
# look up IP addresses of the container
|
# look up IP addresses of the container
|
||||||
@def $ip4 = @resolve("$container", A);
|
@def $ip4 = @resolve("$container.$search_domain", A);
|
||||||
@def $ip6 = @resolve("ipv6.$container", AAAA);
|
@def $ip6 = @resolve("ipv6.$container.$search_domain", AAAA);
|
||||||
@def $ula = @resolve("ula.$container", AAAA);
|
@def $ula = @resolve("ula.$container.$search_domain", AAAA);
|
||||||
|
|
||||||
# chain to allow forwarding to the service
|
# chain to allow forwarding to the service
|
||||||
domain (ip ip6) table filter chain @cat("allow_", $service) daddr @ipfilter(($ip4 $ip6 $ula)) protocol $proto dport $port ACCEPT;
|
domain (ip ip6) table filter chain @cat("allow_", $service) daddr @ipfilter(($ip4 $ip6 $ula)) protocol $proto dport $port ACCEPT;
|
||||||
@ -34,9 +34,9 @@
|
|||||||
|
|
||||||
# Allows connection from the given container to the specified service (which resides in another container)
|
# Allows connection from the given container to the specified service (which resides in another container)
|
||||||
@def &allow_service_for($service, $container) = {
|
@def &allow_service_for($service, $container) = {
|
||||||
@def $ip4 = @resolve($container, A);
|
@def $ip4 = @resolve("$container.$search_domain", A);
|
||||||
@def $ip6 = @resolve("ipv6.$container", AAAA);
|
@def $ip6 = @resolve("ipv6.$container.$search_domain", AAAA);
|
||||||
@def $ula = @resolve("ula.$container", AAAA);
|
@def $ula = @resolve("ula.$container.$search_domain", AAAA);
|
||||||
domain (ip ip6) table filter chain FORWARD saddr @ipfilter(($ip4 $ip6 $ula)) jump @cat("allow_", $service);
|
domain (ip ip6) table filter chain FORWARD saddr @ipfilter(($ip4 $ip6 $ula)) jump @cat("allow_", $service);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -50,9 +50,9 @@
|
|||||||
|
|
||||||
@def &forward_to($container, $proto, $port) = {
|
@def &forward_to($container, $proto, $port) = {
|
||||||
# look up IP addresses of the container
|
# look up IP addresses of the container
|
||||||
@def $ip4 = @resolve($container, A);
|
@def $ip4 = @resolve($container.$search_domain, A);
|
||||||
@def $ip6 = @resolve("ipv6.$container", AAAA);
|
@def $ip6 = @resolve("ipv6.$container.$search_domain", AAAA);
|
||||||
@def $ula = @resolve("ula.$container", AAAA);
|
@def $ula = @resolve("ula.$container.$search_domain", AAAA);
|
||||||
|
|
||||||
domain (ip ip6) {
|
domain (ip ip6) {
|
||||||
# allow forwarding to container
|
# allow forwarding to container
|
||||||
|
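Review bot: In the `forward_to` section the new `$ip4` lookup passes `$container.$search_domain` to `@resolve` without quotes, while the other eight changed lookups use a double-quoted string. As far as I know ferm only concatenates variables inside double quotes, so this line is likely to be rejected at load time or to resolve a different name than intended. It should read `@def $ip4 = @resolve("$container.$search_domain", A);`. `$search_domain` is not defined in any visible hunk, and these names decide which addresses the ACCEPT and FORWARD rules match, so a comment above `def_service` such as `# $search_domain must be defined (non-empty) before these functions are called` would help. The body of `forward_to` continues outside the hunk.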