x/puppet-midonet
Code Issues Proposed changes

Ensure static uplink can work in RHEL and iptables

Browse Source 
Change-Id: I84210531ef4d7282dd21e69b80a1fef3010d9095
This commit is contained in:
Alejandro Andreu 2017-03-07 18:18:21 +01:00
parent 014f85f991
commit 22601bd38b
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
templates/gateway/create_fake_uplink_l2.sh.erb
View File

@ -90,3 +90,13 @@ if [ "${MASQUERADE_ON}" == 'on' ] && [ -z "$(iptables -v -n -L -t nat | grep "MA
iptables -I FORWARD -s ${FIP} -j ACCEPT
echo "Succesfully enabled masquerading"
fi
# Ensure there are no malicious iptables rules
if [ -f /etc/redhat-release ];
then
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited || true
if [[ $(cat /etc/sysconfig/iptables | grep -v -- '-A FORWARD -j REJECT --reject-with icmp-host-prohibited') ]];
then
cat /etc/sysconfig/iptables | grep -v -- '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' > /etc/sysconfig/iptables
fi
fi