Ejemplo n.º 1
 def natRules(self, nats, custom_rules):
     """Yield the lines of the ``nat`` table section, in emission order.

     The sequence is: the "nat table" header comment, the ``*nat`` table
     marker, one ``Counters`` entry for each of PREROUTING, POSTROUTING
     and OUTPUT, the user pre-rules, the custom ``nat-pre`` rules, the
     rules produced by ``natsRules`` from ``nats``, the custom
     ``nat-post`` rules and finally the user post-rules.

     Order is security-relevant: iptables evaluates a chain top-down, so
     (assuming these lines end up in the same chains) whatever the user
     and custom "pre" hooks emit is matched before the generated NAT
     rules. Review changes to those hooks with that precedence in mind.

     NOTE(review): no ``COMMIT`` line is yielded here; presumably the
     caller closes the table -- confirm.
     """
     # Each stage is wrapped in a lambda so that it is only evaluated once
     # the previous stage has been fully consumed (the generator stays lazy).
     stages = (
         lambda: longComment("nat table"),
         lambda: (u"*nat",),
         lambda: (Counters(name)
                  for name in (u"PREROUTING", u"POSTROUTING", u"OUTPUT")),
         lambda: self.userPreRules('nat'),
         lambda: self.customRules(custom_rules, 'nat-pre'),
         lambda: natsRules(self, nats, self.apply_rules),
         lambda: self.customRules(custom_rules, 'nat-post'),
         lambda: self.userPostRules('nat'),
     )
     for produce in stages:
         for entry in produce():
             yield entry
Ejemplo n.º 2
def iptablesRules(context, component, ruleset, rule_type, identifiers, use_nufw):
    """Render the selected rules of ``ruleset`` as iptables lines.

    ``rule_type`` picks the rule set: ``'nats'`` uses ``ruleset.nats``,
    ``'acls-ipv6'`` uses ``ruleset.acls_ipv6``, and every other value uses
    ``ruleset.acls_ipv4``. When ``identifiers`` is non-empty only those
    entries are rendered, looked up as ``rules[identifier]``.

    Returns the mapping from ``result.exportXMLRPC()`` with an extra
    ``'iptables'`` key holding the generated lines as unicode strings.

    NOTE(review): an unrecognised ``rule_type`` is silently treated as
    IPv4 ACLs rather than rejected; a misspelt type therefore yields IPv4
    output instead of an error -- confirm callers validate it.
    """
    logger = ContextLoggerChild(context, component)
    result = ApplyRulesResult(logger)

    # No NAT rules in IPv6: the NAT branch always renders for IPv4 and has
    # no default decisions.
    is_nat = (rule_type == 'nats')
    if is_nat:
        selected = ruleset.nats
        use_ipv6 = False
        default_decisions = None
    else:
        use_ipv6 = (rule_type == 'acls-ipv6')
        selected = ruleset.acls_ipv6 if use_ipv6 else ruleset.acls_ipv4
        default_decisions = selected.default_decisions

    # Narrow to the requested entries; an empty/None selection keeps them all.
    if identifiers:
        selected = [selected[identifier] for identifier in identifiers]

    options = IptablesOptions()
    options.format = "iptables"
    options.ipv6 = use_ipv6
    options.nufw = use_nufw

    with TemplateInstanciation(ruleset):
        selected = filterRules(result, selected)

        # Create iptables rules
        iptables = IptablesGenerator(
            logger, default_decisions, options, component.config, result)
        if is_nat:
            lines = natsRules(iptables, selected, result)
        else:
            lines = aclsRules(iptables, selected)

        # NOTE(review): if natsRules/aclsRules return lazy generators, the
        # rules are only produced by the list comprehension below, i.e.
        # after exportXMLRPC() has been called -- confirm that anything
        # recorded in ``result`` during generation still reaches the caller.
        xmlrpc = result.exportXMLRPC()
        xmlrpc['iptables'] = [unicode(line) for line in lines]
        return xmlrpc