fix: accept dp to work with current gigi and others

- and add v6-dnat for hop-container

Change-Id: I80a3a765e66cd25b91be1983cf07bb5140d6ff73

diff --git a/bootstrap-user b/bootstrap-user
index d1bbaa5e5968f1886b320c000944186003e71ede..f310d76111e216bb00c2c063c58bedbfaff85e7c 100755 (executable)
--- a/bootstrap-user
+++ b/bootstrap-user
@@ -73,6 +73,7 @@ function register {
           --data-urlencode "regional=1" \
           --data-urlencode "radius=1" \
           --data-urlencode "tos_agree=1" \
           --data-urlencode "regional=1" \
           --data-urlencode "radius=1" \
           --data-urlencode "tos_agree=1" \

+          --data-urlencode "dp_agree=1" \

           --data-urlencode "process=Weiter" \
           --data-urlencode "csrf=$csrf" > /dev/null
 }
           --data-urlencode "process=Weiter" \
           --data-urlencode "csrf=$csrf" > /dev/null
 }

diff --git a/environments/production/manifests/root.pp b/environments/production/manifests/root.pp
index 9adaee13767d6152e3f55e235247cfb506bb779d..c193f9a9dcb04e92dea3a17be01b7816830c66ef 100644 (file)
--- a/environments/production/manifests/root.pp
+++ b/environments/production/manifests/root.pp
@@ -44,6 +44,16 @@ class my_fw::post {
     table => 'nat',
     chain => 'PREROUTING'
   } ->
     table => 'nat',
     chain => 'PREROUTING'
   } ->

+  firewall {'80 dnatv6-hop-ssh':
+    provider => 'ip6tables',
+    proto  => 'tcp',
+    dport => '2222',
+    jump => 'DNAT',
+    todest => "[${$ipsv6[hop]}]:22",
+    iniface => $internet_iface,
+    table => 'nat',
+    chain => 'PREROUTING'
+  } ->

   firewall {'80 MASQ-v6':
     provider => 'ip6tables',
     chain => 'POSTROUTING',
   firewall {'80 MASQ-v6':
     provider => 'ip6tables',
     chain => 'POSTROUTING',