Add iptables rule to log dropped packets

Adds a rule to the bottom of the openstack-INPUT chain to log any
packets that make it this far and are on their way to being rejected.
This may help us find out why Devstack Ironic VM nodes occasionally cannot
reach the host's TFTP server.

Change-Id: I3980284a93f50ac8db16769f6ad87382aa55e898
Related-bug: #1393099
Adam Gandelman 2014-11-19 10:47:36 -08:00
parent 5a480a5b1e
commit 6cc7b4fd07
1 changed files with 1 additions and 0 deletions

@ -36,6 +36,7 @@ class openstack_project::single_use_slave (
'-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT',
'-p tcp --dport 8003 -s 172.24.4.0/24 -j ACCEPT',
'-p tcp --dport 8004 -s 172.24.4.0/24 -j ACCEPT',
'-m limit --limit 2/min --log-prefix "iptables dropped: " -j LOG',
],
}
class { 'jenkins::slave':
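
Review bot: The new LOG rule matches every protocol and source but is capped at `--limit 2/min`, so unrelated traffic that reaches the end of openstack-INPUT can use up the budget and the occasional TFTP packet this change is meant to catch may go unlogged. Consider narrowing the match to the traffic under investigation, for example `-p udp --dport 69` and/or `-s 172.24.4.0/24` as the neighbouring rules do, or raising the limit and setting `--limit-burst` explicitly. A short comment above the entry noting that it must remain the last item in the list (it only sees packets the ACCEPT rules above it did not match) and referencing bug #1393099 would also help whoever appends the next rule.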