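#!/usr/bin/env bash
#
# Provisioning step for the firewall host: enable IP forwarding in ufw's own
# sysctl overrides and prepend a *nat table with MASQUERADE rules for the
# internal networks to /etc/ufw/before.rules.
#
# Requires (from /vagrant/provisioning/firewall/firewall.conf):
#   INTRANET_NETWORK, ACCOUNTING_NETWORK, DEVELOPER_NETWORK - source networks
#   MGMT_IFACE                                              - outbound interface
# Must run as root (writes under /etc/ufw). A backup of the previous rules is
# kept as /etc/ufw/before.rules.bak.
set -euxo pipefail

# shellcheck source=/dev/null
source /vagrant/provisioning/firewall/firewall.conf

# Fail before touching anything if the conf did not supply every value the
# rules interpolate; an empty value would otherwise produce a rule with a
# missing source network or interface.
: "${INTRANET_NETWORK:?must be set in firewall.conf}"
: "${ACCOUNTING_NETWORK:?must be set in firewall.conf}"
: "${DEVELOPER_NETWORK:?must be set in firewall.conf}"
: "${MGMT_IFACE:?must be set in firewall.conf}"

readonly UFW_SYSCTL=/etc/ufw/sysctl.conf
readonly BEFORE_RULES=/etc/ufw/before.rules
# Marker line written at the top of the generated block; iptables-restore
# ignores '#' lines, and it lets a re-run detect that the rules are in place.
readonly NAT_MARKER='# NAT masquerade rules added by provisioning/firewall'

# Enable NAT forwarding (ufw's sysctl file uses slash-separated keys).
sed -i 's/^#net\/ipv4\/ip_forward.*$/net\/ipv4\/ip_forward=1/' "$UFW_SYSCTL"
sed -i 's/^#net\/ipv6\/conf\/default\/forwarding.*$/net\/ipv6\/conf\/default\/forwarding=1/' "$UFW_SYSCTL"
sed -i 's/^#net\/ipv6\/conf\/all\/forwarding.*$/net\/ipv6\/conf\/all\/forwarding=1/' "$UFW_SYSCTL"

# Left commented out: this script does not change DEFAULT_FORWARD_POLICY in
# /etc/default/ufw.
#sed -i 's/^DEFAULT_FORWARD_POLICY="DROP"$/DEFAULT_FORWARD_POLICY="ACCEPT"/' /etc/default/ufw

# Add the forwarding rules. Skip when a previous run already prepended them, so
# re-provisioning does not stack a second *nat table with duplicate
# MASQUERADE rules into before.rules.
if grep -qF -- "$NAT_MARKER" "$BEFORE_RULES"; then
  exit 0
fi

TMP_FILE=$(mktemp)
# The temp file is removed on every exit path; after a successful mv the path
# no longer exists and rm -f is a no-op.
trap 'rm -f -- "$TMP_FILE"' EXIT

{
  cat <<EOF
$NAT_MARKER
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $INTRANET_NETWORK -o $MGMT_IFACE -j MASQUERADE
-A POSTROUTING -s $ACCOUNTING_NETWORK -o $MGMT_IFACE -j MASQUERADE
-A POSTROUTING -s $DEVELOPER_NETWORK -o $MGMT_IFACE -j MASQUERADE
COMMIT

EOF
  # Append the existing rules as-is. A plain cat (instead of $(cat ...) inside
  # the here-doc) keeps the file's exact bytes, including trailing newlines.
  cat -- "$BEFORE_RULES"
} > "$TMP_FILE"

# mktemp creates the file with a restrictive 0600 mode owned by the caller;
# carry over the owner and mode of the current rules file before swapping it
# in, so the installed rules file keeps its previous permissions.
chown --reference="$BEFORE_RULES" -- "$TMP_FILE"
chmod --reference="$BEFORE_RULES" -- "$TMP_FILE"

# Keep a copy of the old rules, then replace the live file atomically (rename),
# so there is never a moment without a before.rules present.
cp -p -- "$BEFORE_RULES" "$BEFORE_RULES.bak"
mv -- "$TMP_FILE" "$BEFORE_RULES"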