summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNachi Ueno <nachi@nttmcl.com>2012-12-18 15:12:18 -0800
committerJenkins <jenkins@review.openstack.org>2012-12-19 01:14:32 +0000
commit53a8e73187203cd68348e5600237046f1bc62940 (patch)
tree7bca2aba0770996c6bd930c6ed0bb41b61c2603c
parentb2e32369030d587356a64bc5fea23b9ffb0c04ac (diff)
Remove iptables forwarding rule for quantum-gate
Original default fowarding rule drops all packet including the packets from quantum-dhcp. In this patch, we remove forwarding rule Change-Id: I68ec7440595a158e0a5f572868f37f54f5ffa1ba Reviewed-on: https://review.openstack.org/18353 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
-rw-r--r--templates/rules.erb1
-rw-r--r--templates/rules.v6.erb1
2 files changed, 0 insertions, 2 deletions
diff --git a/templates/rules.erb b/templates/rules.erb
index 82e89f9..81e4f10 100644
--- a/templates/rules.erb
+++ b/templates/rules.erb
@@ -4,7 +4,6 @@
4:OUTPUT ACCEPT [0:0] 4:OUTPUT ACCEPT [0:0]
5:openstack-INPUT - [0:0] 5:openstack-INPUT - [0:0]
6-A INPUT -j openstack-INPUT 6-A INPUT -j openstack-INPUT
7-A FORWARD -j openstack-INPUT
8-A openstack-INPUT -i lo -j ACCEPT 7-A openstack-INPUT -i lo -j ACCEPT
9-A openstack-INPUT -p icmp --icmp-type any -j ACCEPT 8-A openstack-INPUT -p icmp --icmp-type any -j ACCEPT
10#-A openstack-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT 9#-A openstack-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
diff --git a/templates/rules.v6.erb b/templates/rules.v6.erb
index 3bf60f2..23097b6 100644
--- a/templates/rules.v6.erb
+++ b/templates/rules.v6.erb
@@ -4,7 +4,6 @@
4:OUTPUT ACCEPT [0:0] 4:OUTPUT ACCEPT [0:0]
5:openstack-INPUT - [0:0] 5:openstack-INPUT - [0:0]
6-A INPUT -j openstack-INPUT 6-A INPUT -j openstack-INPUT
7-A FORWARD -j openstack-INPUT
8-A openstack-INPUT -i lo -j ACCEPT 7-A openstack-INPUT -i lo -j ACCEPT
9-A openstack-INPUT -p icmpv6 -j ACCEPT 8-A openstack-INPUT -p icmpv6 -j ACCEPT
10-A openstack-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 9-A openstack-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT