From ac4f7e77e38ef1092000e71c23ec0eef08a72766 Mon Sep 17 00:00:00 2001
From: Ian Wienand
Date: Wed, 21 Feb 2018 12:10:23 +1100
Subject: [PATCH] Allow allowed_hosts to not have ipv6 interfaces This puts a conditional around the AAAA lookup so we can add hosts in clouds that don't provide an IPv6 address.
Change-Id: I97e82a41fdbe31e7bce6f05b8e6aa39834c42548
---
 templates/rules.v6.erb | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/templates/rules.v6.erb b/templates/rules.v6.erb
index e6f195e..3ae8b95 100644
--- a/templates/rules.v6.erb
+++ b/templates/rules.v6.erb
@@ -25,10 +25,13 @@
 <% @rules6.each do |rule| -%>
 -A openstack-INPUT <%= rule %>
 <% end -%>
+<% begin -%>
 <% @allowed_hosts.each do |host| -%>
 <% scope.call_function('dns_aaaa', [host['hostname']]).each do |addr| -%>
 -A openstack-INPUT <% if host['protocol'] == 'tcp' %>-m state --state NEW <% end -%>-m <%= host['protocol'] %> -p <%= host['protocol'] %> -s <%= addr %> --dport <%= host['port'] %> -j ACCEPT
 <% end -%>
 <% end -%>
+<% rescue Resolv::ResolvError -%>
+<% end -%>
 -A openstack-INPUT -j REJECT --reject-with icmp6-adm-prohibited
 COMMIT
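Review bot: The `begin`/`rescue Resolv::ResolvError` pair wraps the whole `@allowed_hosts.each` loop, so the first host whose AAAA lookup raises ends the loop, and every host listed after it gets no ACCEPT rule even if it does have an IPv6 address. The ruleset still fails closed, since the final REJECT applies, but the missing rules are silent and depend on list order. Scope the handler per host: put `<% begin -%>` directly after `<% @allowed_hosts.each do |host| -%>`, and `<% rescue Resolv::ResolvError -%>` with its `<% end -%>` just before that loop's closing `<% end -%>`. The empty rescue body would also benefit from a comment such as `<%# no AAAA record for this host: emit no IPv6 rule -%>`. That `dns_aaaa` raises this error for a host without an AAAA record is taken from the commit message; the function itself is not visible here.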