wip

bootc/scenario3a/root/etc/nftables/libvirt.nft

@@ -2,14 +2,25 @@
 
 destroy table ip libvirt-nat
 
+##
+## TODO
+##
+
 table ip libvirt-nat {
+
+    chain FORWARD {
+        type filter hook forward priority filter - 10
+        policy accept
+        
+        iifname != "virbr0" ip daddr 192.168.122.2/24 tcp dport { 80 } ct state { new } counter accept
+        ip daddr 192.168.122.2/24 ct state { related, established } counter accept
+        ip saddr 192.168.122.2/24 ct state { related, established } counter accept
+    }
+
     chain Pre-Routing {
         type nat hook prerouting priority dstnat
         policy accept
 
-        # Log incoming packets
-        iifname != lo iifname != virbr0 log prefix "PREROUTING: "
-
         # Redirect port 80 to the Nextcloud VM
         ip daddr 192.168.2.0/24 iifname != "virbr0" tcp dport { 80 } counter dnat to 192.168.122.2
     }

flightctl/fleets.yaml

@@ -26,12 +26,12 @@ kind: Fleet
 metadata:
   annotations: {}
   labels:
-    scenario: '1'
+    scenario: 'scenario1'
   name: scenario1
 spec:
   selector:
     matchLabels:
-      scenario: '1'
+      scenario: 'scenario1'
   template:
     metadata:
       labels:
@@ -59,12 +59,12 @@ kind: Fleet
 metadata:
   annotations: {}
   labels:
-    scenario: '3a'
+    scenario: 'scenario3a'
   name: scenario3a
 spec:
   selector:
     matchLabels:
-      scenario: '3a'
+      scenario: 'scenario3a'
       type: 'baremetal'
   template:
     metadata:
@@ -86,12 +86,12 @@ kind: Fleet
 metadata:
   annotations: {}
   labels:
-    scenario: '4'
+    scenario: 'scenario4'
   name: scenario4
 spec:
   selector:
     matchLabels:
-      scenario: '4'
+      scenario: 'scenario4'
   template:
     metadata:
       labels: