kunsi/bundlewrap
1
0
Fork 0
Code Issues 2 Pull requests 1 Releases Activity

bundles/docker-ce: sort nftables rules

Browse source
This commit is contained in:
Franzi 2022-12-26 12:57:42 +01:00
parent cb4d28c994
commit d282d77a99
Signed by: kunsi
GPG key ID: 12E3D2136B818350
1 changed files with 5 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
bundles/docker-ce/metadata.py
View file

@ -12,14 +12,6 @@ defaults = {
'docker-ce-cli': {}, 'docker-ce-cli': {},
}, },
}, },
'nftables': {
'rules': {
'00-docker-ce': {
'inet filter forward ct state { related, established } accept',
'inet filter forward iifname docker0 accept',
},
},
},
} }
@ -27,7 +19,10 @@ defaults = {
'nftables/rules/00-docker-ce', 'nftables/rules/00-docker-ce',
) )
def nftables_nat(metadata): def nftables_nat(metadata):
rules = set() rules = {
'inet filter forward ct state { related, established } accept',
'inet filter forward iifname docker0 accept',
}
for iface in metadata.get('interfaces'): for iface in metadata.get('interfaces'):
rules.add(f'nat postrouting oifname {iface} masquerade') rules.add(f'nat postrouting oifname {iface} masquerade')
@ -35,7 +30,7 @@ def nftables_nat(metadata):
return { return {
'nftables': { 'nftables': {
'rules': { 'rules': {
'00-docker-ce': rules, '00-docker-ce': sorted(rules),
}, },
}, },
} }