Allow for persisting firewall rules
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| charm-advanced-routing |
Won't Fix
|
Wishlist
|
Unassigned | ||
Bug Description
This might be more appropriate for a separate charm, but for now, I'll file it here.
In conjunction with https:/
Presently I'm having to persist this via a manually-supplied scripts in /etc/networkd-
An example of such a script is as follows:
-----
#!/bin/sh
iptables -t mangle -N juju-PREROUTING
iptables -t mangle -N juju-POSTROUTING
if ! iptables -t mangle -C PREROUTING -j juju-PREROUTING; then
iptables -t mangle -I PREROUTING -j juju-PREROUTING
iptables -t mangle -A juju-PREROUTING -p tcp -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark --nfmask 0xf --ctmask 0xf
iptables -t mangle -A juju-PREROUTING -i bondA -m state --state NEW -j MARK --set-xmark 0x1/0xf
iptables -t mangle -A juju-PREROUTING -i bondB -m state --state NEW -j MARK --set-xmark 0x2/0xf
iptables -t mangle -A juju-PREROUTING -j RETURN
fi
if ! iptables -t mangle -C POSTROUTING -j juju-POSTROUTING; then
iptables -t mangle -A POSTROUTING -j juju-POSTROUTING
iptables -t mangle -A juju-POSTROUTING -p tcp -m state --state NEW -j CONNMARK --save-mark --nfmask 0xf --ctmask 0xf
iptables -t mangle -A juju-POSTROUTING -j RETURN
fi
exit 0
EOF
-----
| Paul Goins (vultaire) wrote | #1 |
| Changed in charm-advanced-routing: | |
| importance: | Undecided → Wishlist |
| Eric Chen (eric-chen) wrote | #2 |
| Changed in charm-advanced-routing: | |
| status: | New → Won't Fix |
I've written a charm for this. It is awaiting initial review and approval for movement to its own proper LMA charmers project.
https:/