Merge remote-tracking branch 'cloudkrebs/master'

author: tv <tv@krebsco.de> 2016-06-06 17:17:07 +0200
committer: tv <tv@krebsco.de> 2016-06-06 17:17:07 +0200
commit: dda2887e2cf618a7c7744bee2eed806e3a38fe36 (patch)
tree: 19ad3210a2b8485ac22d26f75b2e2493d3f61596 /krebs/3modules/iptables.nix
parent: c1c645b545b960eb639fc6d41dfa35ee187ae164 (diff)
parent: 7e344c0627a266685ef1ad79f5193b4e7ba27408 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 9596229de..bb06a9388 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -20,6 +20,7 @@ let
     flatten
     length
     hasAttr
+    hasPrefix
     mkEnableOption
     mkOption
     mkIf
@@ -123,7 +124,7 @@ let
 
       buildRule = tn: cn: rule:
         #target validation test:
-        assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}")));
+        assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target || hasPrefix "DNAT" rule.target;
 
         #predicate validation test:
         #maybe use iptables-test
author	tv <tv@krebsco.de>	2016-06-06 17:17:07 +0200
committer	tv <tv@krebsco.de>	2016-06-06 17:17:07 +0200
commit	dda2887e2cf618a7c7744bee2eed806e3a38fe36 (patch)
tree	19ad3210a2b8485ac22d26f75b2e2493d3f61596 /krebs/3modules/iptables.nix
parent	c1c645b545b960eb639fc6d41dfa35ee187ae164 (diff)
parent	7e344c0627a266685ef1ad79f5193b4e7ba27408 (diff)