builder: Ensure that we always have nat tables for nftables
CentOS Stream does not ship the ipv4-*.nft files like Fedora does. Therefore
ship the tables directly in the codebase. This also avoids quiet
fallbacks to iptables where nftables should be used but the files were
not present.

Signed-off-by: Roman Mohr <rmohr@redhat.com>
rmohr committed Oct 4, 2021
1 parent 2636b50 commit 95db6e8
Showing 3 changed files with 24 additions and 0 deletions.
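--- a/cmd/virt-handler/BUILD.bazel
+++ b/cmd/virt-handler/BUILD.bazel
@@ -140,6 +140,16 @@ pkg_tar(
 package_dir = "/etc",
 )
 
+pkg_tar(
+name = "nftables-tar",
+srcs = [
+":ipv4-nat.nft",
+":ipv6-nat.nft",
+],
+mode = "0644",
+package_dir = "/etc/nftables",
+)
+
 container_image(
 name = "version-container",
 directory = "/",
@@ -151,11 +161,13 @@ container_image(
 "@io_bazel_rules_go//go/platform:linux_arm64": [
 ":passwd-tar",
 ":nsswitch-tar",
+":nftables-tar",
 "//rpm:handlerbase_aarch64",
 ],
 "//conditions:default": [
 ":passwd-tar",
 ":nsswitch-tar",
+":nftables-tar",
 "//rpm:handlerbase_x86_64",
 ],
 }),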
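Review bot: The new `nftables-tar` target carries no comment saying why the image bundles its own copies of these files, so a later cleanup could drop it and quietly bring back the iptables fallback the commit message describes. I would add above the `pkg_tar(` line: `# CentOS Stream RPMs do not ship /etc/nftables/ipv{4,6}-nat.nft; bundle them so nftables is used instead of falling back to iptables.` In both `select()` branches `:nftables-tar` is listed before the `//rpm:handlerbase_*` entry, so if a base RPM set ever ships the same paths it is worth confirming which copy ends up in the image. The `container_image` rule continues past the end of the second hunk.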
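--- a/cmd/virt-handler/ipv4-nat.nft
+++ b/cmd/virt-handler/ipv4-nat.nft
@@ -0,0 +1,6 @@
+table nat {
+chain prerouting { type nat hook prerouting priority -100; }
+chain input { type nat hook input priority 100; }
+chain output { type nat hook output priority -100; }
+chain postrouting { type nat hook postrouting priority 100; }
+}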
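Review bot: `table nat {` on the first line leaves out the address family and relies on nft defaulting to `ip`, while ipv6-nat.nft spells out `table ip6 nat`; writing `table ip nat {` makes the pair symmetric and removes any doubt about which family the file touches. Both new files would also benefit from a header comment such as `# Empty NAT base chains only; loading this file installs no rules.` so that anyone auditing the image's firewall configuration can see that the files register hooks without adding translation rules. If these are copies of the files Fedora's nftables package ships, as the commit message suggests, naming that origin in the comment would make later drift easier to spot.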
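--- a/cmd/virt-handler/ipv6-nat.nft
+++ b/cmd/virt-handler/ipv6-nat.nft
@@ -0,0 +1,6 @@
+table ip6 nat {
+chain prerouting { type nat hook prerouting priority -100; }
+chain input { type nat hook input priority 100; }
+chain output { type nat hook output priority -100; }
+chain postrouting { type nat hook postrouting priority 100; }
+}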
