This allows us to specify rules with hostnames, but have puppet
resolve those to IP addresses before writing out the iptables
config. This ensures that iptables will always be able to start,
as well as keeping firewalls up to date as hosts change.
Change-Id: I7a0dfbab67bdba72c0a56acc611503795d2bc350
Depends-On: I29d36cc527351e3e6d2ee2dc1919988379b8db3a
Downstream consumers of this module likely don't need or want to open
snmp access from cacti.openstack.org. Parameterize the hosts to allow
snmp from so that downstreams don't have to fork the module in order to
remove the access.
Change-Id: I9394982811f8dcf0d63eccb782de04bf4a047ec7
While getting these scripts to run on Puppet 3 with Fedora 20, I got
a series of warnings about the deprecation of variable names. These
changes should also continue to work fine on Puppet 2.7.
Change-Id: I232f5f5a9abbe94be9fe2d3b8c82f009c03a11f3
Original default fowarding rule drops all packet including
the packets from quantum-dhcp. In this patch, we remove
forwarding rule
Change-Id: I68ec7440595a158e0a5f572868f37f54f5ffa1ba
Reviewed-on: https://review.openstack.org/18353
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
A list of iptables commands that come after the "-A OPENSTACK-INPUT"
bit.
Change-Id: Iee595d9267738365c208f8ecb6f0fd4941b357e3
Reviewed-on: https://review.openstack.org/17172
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
Change-Id: I67cc116ad8a2b2586856965ae1e341d735d69fd3
Reviewed-on: https://review.openstack.org/14582
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins