Allow allowed_hosts to not have ipv6 interfaces
This puts a conditional around the AAAA lookup so we can add hosts in clouds that don't provide an IPv6 address. Change-Id: I97e82a41fdbe31e7bce6f05b8e6aa39834c42548
parent
8f2af6849c
commit
ac4f7e77e3
|
@ -25,10 +25,13 @@
|
||||||
<% @rules6.each do |rule| -%>
|
<% @rules6.each do |rule| -%>
|
||||||
-A openstack-INPUT <%= rule %>
|
-A openstack-INPUT <%= rule %>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
<% begin -%>
|
||||||
<% @allowed_hosts.each do |host| -%>
|
<% @allowed_hosts.each do |host| -%>
|
||||||
<% scope.call_function('dns_aaaa', [host['hostname']]).each do |addr| -%>
|
<% scope.call_function('dns_aaaa', [host['hostname']]).each do |addr| -%>
|
||||||
-A openstack-INPUT <% if host['protocol'] == 'tcp' %>-m state --state NEW <% end -%>-m <%= host['protocol'] %> -p <%= host['protocol'] %> -s <%= addr %> --dport <%= host['port'] %> -j ACCEPT
|
-A openstack-INPUT <% if host['protocol'] == 'tcp' %>-m state --state NEW <% end -%>-m <%= host['protocol'] %> -p <%= host['protocol'] %> -s <%= addr %> --dport <%= host['port'] %> -j ACCEPT
|
||||||
<% end -%>
|
<% end -%>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
<% rescue Resolv::ResolvError -%>
|
||||||
|
<% end -%>
|
||||||
-A openstack-INPUT -j REJECT --reject-with icmp6-adm-prohibited
|
-A openstack-INPUT -j REJECT --reject-with icmp6-adm-prohibited
|
||||||
COMMIT
|
COMMIT
|
||||||
|
|
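Review bot: The added `<% begin -%>` … `<% rescue Resolv::ResolvError -%>` pair encloses the whole `@allowed_hosts.each` loop, so the first host whose `dns_aaaa` lookup raises ends the iteration and every host listed after it gets no IPv6 ACCEPT rule, even if it has an AAAA record. Those hosts then fall through to the `-j REJECT --reject-with icmp6-adm-prohibited` line, and which ones are affected depends only on their order in `@allowed_hosts`. Opening the `begin` directly after `<% @allowed_hosts.each do |host| -%>` and placing `<% rescue Resolv::ResolvError -%>` and its `<% end -%>` before the loop's closing `<% end -%>` would skip only the host that failed. The rescue is also silent: `dns_aaaa` is defined outside this page, but if it raises the same error for a resolver outage as for a missing record, a transient DNS failure would drop allow rules without any trace, so logging the skipped hostname in the rescue branch is worth adding.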