Merge "Ensure FORWARD is ACCEPT by default"

2018-02-20 05:06:08 +00:00 · 2018-02-20 05:06:08 +00:00 · 529796bed1
parent 42e9be0ede da31c6e5ba
commit 529796bed1
1 changed files with 13 additions and 0 deletions
--- a/elements/puppet-stack-config/puppet-stack-config.yaml.template
+++ b/elements/puppet-stack-config/puppet-stack-config.yaml.template
@ -899,6 +899,19 @@ nova::notify_on_state_change: 'vm_state'

 # Firewall
 tripleo::firewall::manage_firewall: true
+# Docker switches FORWARD to DROP by default which causes issues on the
+# undercloud. We are already included a REJECT rule in so switch these back
+# to ACCEPT.
+# https://bugs.launchpad.net/tripleo/+bug/1750194
+tripleo::firewall::firewall_chains:
+  'FORWARD:filter:IPv4':
+     ensure: present
+     policy: accept
+     purge: false
+  'FORWARD:filter:IPv6':
+     ensure: present
+     policy: accept
+     purge: false
 tripleo::firewall::firewall_rules:
  '105 ntp':
    dport: 123