Closed Fizzadar closed 8 years ago
Majority of this is implemented @ https://github.com/Fizzadar/pyinfra/commit/ba793f934d7f2770c1618ba3417aba7cc9f989a7
Leave open for tests/any final tweaks before release.
Good to see. Shortcuts for specific use cases would definitely be appreciated by users.
@hoh I'm a bit wary of adding specific use case shortcuts - the issue I foresee is that there are so many different use cases/arg-combinations which make it hard (beyond simple table shortcuts) to build more extensive shortcuts.
Perhaps something like:
def nat(type=[destination, source, port], target, **rule_kwargs)
Where type defines DNAT, SNAT or REDIRECT for the jump and target specifies the relevant --to-destination, --to-source or --to-ports?
Similarly there could be a logging shortcut:
def log(log_prefix, **rule_kwargs)
That sets jump=LOG and so on.
@Fizzadar an alternative would be to put that "sugar" in other packages, for example pip install pyinfra-easytable
...
@hoh I really like that idea, which leaves the pyinfra state management "clean" :) I'll close this issue now then.
The current module provides a basic iptables.nat implementation (thank you @hoh!). Iptables is a massive and complex beast, and I don't think the module will ever cover every use case (complicated iptables setups are best left as scripts, IMO) - but the module can certainly cover the basics.

Facts:
iptables.chain and iptables_chains fact to control chains and their policies
iptables fact to iptables_rules to fit with above
! and single args like --syn
type=4 kwarg to both

Modules:
iptables.nat -> iptables.rule to handle any rules on any table
type=4 kwarg to switch between iptables & ip6tables
table='filter'
append=True
iptables.chain(name, present=True, policy='ACCEPT')
iptables.nat, iptables.filter, iptables.raw, iptables.mangle & iptables.security shortcuts for more readable operations, all just pass to iptables.rule w/ table set?
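
An added sketch, not part of the original thread and not pyinfra's code, of how the nat and log shortcuts proposed in the comments could sit on top of one rule builder with the table, append and IPv4/IPv6 switches listed in the issue. All function names and signatures are assumptions; version stands in for the issue's type=4 kwarg because nat already uses type for the NAT kind.

```python
import shlex

# Hypothetical sketch of the shortcuts discussed in this thread; the names and
# signatures are assumptions, not pyinfra's actual API.
NAT_TYPES = {
    'destination': ('DNAT', '--to-destination'),
    'source': ('SNAT', '--to-source'),
    'port': ('REDIRECT', '--to-ports'),
}
TABLES = ('filter', 'nat', 'raw', 'mangle', 'security')


def rule(chain, jump, table='filter', append=True, version=4,
         protocol=None, extras=(), **match):
    """Return one iptables/ip6tables command line as a shell-safe string."""
    if table not in TABLES:
        raise ValueError('unknown table: %r' % (table,))
    if version not in (4, 6):
        raise ValueError('version must be 4 or 6')
    # Assumption: append=True maps to -A, append=False to -I (insert at top).
    args = ['iptables' if version == 4 else 'ip6tables',
            '-t', table, '-A' if append else '-I', chain]
    # -p has to come first: options such as --dport only exist once the
    # protocol's match extension has been loaded.
    if protocol is not None:
        args += ['-p', str(protocol)]
    for key in sorted(match):
        args += ['--' + key.replace('_', '-'), str(match[key])]
    args += ['-j', jump] + list(extras)
    # Quote every token so a value from inventory data stays a single argument
    # when the line is handed to a remote shell.
    return ' '.join(shlex.quote(arg) for arg in args)


def nat(type, target, **rule_kwargs):
    """NAT shortcut: `type` picks the jump and the option carrying `target`."""
    if type not in NAT_TYPES:
        raise ValueError('type must be one of %s' % sorted(NAT_TYPES))
    jump, option = NAT_TYPES[type]
    return rule(jump=jump, table='nat', extras=[option, str(target)],
                **rule_kwargs)


def log(log_prefix, **rule_kwargs):
    """Logging shortcut: sets jump=LOG and passes the prefix through."""
    return rule(jump='LOG', extras=['--log-prefix', log_prefix], **rule_kwargs)
```

Returning a quoted string rather than interpolating values into a template keeps a log prefix or target that contains spaces or shell metacharacters from being split or executed on the remote host.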