tripleo

  1. Bug #1765700
  2. Comment #10

Comment 10 for bug 1765700

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to instack-undercloud (master)

Reviewed: https://review.openstack.org/563467
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=e49688be9844b9ae32e14747ad95a07be0fa142c
Submitter: Zuul
Branch: master

commit e49688be9844b9ae32e14747ad95a07be0fa142c
Author: Harald Jensås <email address hidden>
Date: Sun Apr 22 13:12:01 2018 +0200

    Masqeurading: NOT persist ephemeral firewall rules

    Puppet class tripleo::firewall makes an effort to not
    persist ephemeral firewall rules created by neutron and
    ironic-inspector. In instack-undercloud the rules are
    persisted anyway because we run iptables-save when
    configuring masquerading.

    This changes the masquerading to also filter the rules,
    similar to what we do in tripleo::firewall.

    Additionally filtering of the Ironic Inspector iptables
    pxe_filter rules are implemented.

    Closes-Bug: #1765700
    Change-Id: I0cebfe4177981958c6e1a3b4b772f0a365f79e39