networkd: add minimal IP forwarding and masquerading support to .network files

This adds two new settings to networkd's .network files: IPForwarding=yes and IPMasquerade=yes. The former controls the "forwarding" sysctl setting of the interface, thus controlling whether IP forwarding shall be enabled on the specific interface. The latter controls whether a firewall rule shall be installed that exposes traffic coming from the interface as coming from the local host to all other interfaces. This also enables both options by default for container network interfaces, thus making "systemd-nspawn --network-veth" have network connectivity out of the box.
author: Lennart Poettering <lennart@poettering.net> 2015-01-13 13:47:08 +0100
committer: Lennart Poettering <lennart@poettering.net> 2015-01-13 13:55:15 +0100
commit: 5a8bcb674f71a20e95df55319b34c556638378ce (patch)
tree: db1de9b03cb9bf4c017a0f620cf9d310c9de6098 /man/systemd.network.xml
parent: 76917807eb50ccde58901e8bec7ed3d408d1cc22 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index ea278c70d7..d54026874e 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -345,6 +345,30 @@
                                         </listitem>
                                 </varlistentry>
                                 <varlistentry>
+                                        <term><varname>IPForward=</varname></term>
+                                        <listitem><para>Configures IP
+                                        forwarding for the network
+                                        interface. If enabled incoming
+                                        packets on the network
+                                        interface will be forwarded to
+                                        other interfaces according to
+                                        the routing table. Takes a
+                                        boolean
+                                        argument.</para></listitem>
+                                </varlistentry>
+                                <varlistentry>
+                                        <term><varname>IPMasquerade=</varname></term>
+                                        <listitem><para>Configures IP
+                                        masquerading for the network
+                                        interface. If enabled packets
+                                        forwarded from the network
+                                        interface will be appear as
+                                        coming from the local
+                                        host. Takes a boolean
+                                        argument. Implies
+                                        <varname>IPForward=yes</varname>.</para></listitem>
+                                </varlistentry>
+                                <varlistentry>
                                         <term><varname>Bridge=</varname></term>
                                         <listitem>
                                                 <para>The name of the bridge to add the link to.</para>
author	Lennart Poettering <lennart@poettering.net>	2015-01-13 13:47:08 +0100
committer	Lennart Poettering <lennart@poettering.net>	2015-01-13 13:55:15 +0100
commit	5a8bcb674f71a20e95df55319b34c556638378ce (patch)
tree	db1de9b03cb9bf4c017a0f620cf9d310c9de6098 /man/systemd.network.xml
parent	76917807eb50ccde58901e8bec7ed3d408d1cc22 (diff)