tripleo

  1. Bug #1657108
  2. Comment #14

Comment 14 for bug 1657108

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/426143
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=d5d4cc1094365b6bb147216d2ec99ddc36020a31
Submitter: Jenkins
Branch: master

commit d5d4cc1094365b6bb147216d2ec99ddc36020a31
Author: Michele Baldessari <email address hidden>
Date: Fri Jan 27 10:54:28 2017 +0100

    Add a default rule for dhcpv6 traffic

    Via bug https://bugs.launchpad.net/tripleo/+bug/1657108 we need
    to zero out the default rules in /etc/sysconfig/ip{6}tables in
    the image.
    We have done this for ipv4, but when we will do it for ipv6 we
    will also need to make sure we add a rule for dhcpv6 traffic
    as it is shipped in the iptables rpm. (See
    https://bugzilla.redhat.com/show_bug.cgi?id=1169036 for more info)

    With this change we correctly get the rule present (aka the first
    ACCEPT line. The second line is due to the stock ip6tables rule
    I had in my testing):
    [root@overcloud-controller-0 ~]# iptables -nvL |grep 546
    [root@overcloud-controller-0 ~]# ip6tables -nvL |grep 546
        0 0 ACCEPT udp * * ::/0 fe80::/64 multiport dports 546 /* 004 accept ipv6 dhcpv6 ipv6 */ state NEW
        0 0 ACCEPT udp * * ::/0 fe80::/64 udp dpt:546 state NEW

    Change-Id: If22080054b2b1fa7acfd101e8c34d2707e8e7864
    Partial-Bug: #1657108