starlingx
/
stx-puppet
Code Issues Proposed changes

Merge "Remove firewall extra rule that blocks IPv6 traffic for IPv4 setups"

This commit is contained in:
Zuul 2024-04-19 16:13:06 +00:00 committed by Gerrit Code Review
parent c2554a69bd c49b369902
commit d9e6174439
1 changed files with 3 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
puppet-manifests/src/modules/platform/manifests/firewall.pp
View File

@ -404,16 +404,9 @@ class platform::firewall::extra (
) {
if $config != {} {
$config.each |$key, $value| {
if $key == 'ingress-ipv6-for-ipv4-install' {
$value.each |$interface| {
exec { "install ingress-ipv6-for-ipv4 in ${interface}" :
path => '/usr/bin:/usr/sbin:/bin:/usr/local/bin',
command => "ip6tables -t filter -A INPUT -i ${interface} -m comment --comment \"stx: block ingress IPv6 traffic for ${interface}\" -j DROP", # lint:ignore:140chars
logoutput => true,
onlyif => "[ $(ip6tables -n -L INPUT -t filter | grep -c \"stx: block ingress IPv6 traffic for ${interface}\") -eq 0 ]" # lint:ignore:140chars
}
}
}
# if $key == <key placeholder> {
# <process extra>
# }
}
}
}