commit 77f557416a6a4fd912ef8ab6e5154ef784741ccf
Author: Harald Jensås <email address hidden>
Date: Sun Apr 22 13:12:01 2018 +0200
Masquerading, do not persist ephemeral firewall rules
Puppet class tripleo::firewall makes an effort to not
persist ephemeral firewall rules created by neutron and
ironic-inspector. In instack-undercloud the rules are
persisted anyway because we run iptables-save when
configuring masquerading.
This changes the masquerading to also filter the rules,
similar to what we do in tripleo::firewall.
Additionally filtering of the Ironic Inspector iptables
pxe_filter rules are implemented.
Closes-Bug: #1765700
Change-Id: I0cebfe4177981958c6e1a3b4b772f0a365f79e39
(cherry picked from commit e49688be9844b9ae32e14747ad95a07be0fa142c)
Reviewed: https:/ /review. openstack. org/563581 /git.openstack. org/cgit/ openstack/ instack- undercloud/ commit/ ?id=77f557416a6 a4fd912ef8ab6e5 154ef784741ccf
Committed: https:/
Submitter: Zuul
Branch: stable/queens
commit 77f557416a6a4fd 912ef8ab6e5154e f784741ccf
Author: Harald Jensås <email address hidden>
Date: Sun Apr 22 13:12:01 2018 +0200
Masquerading, do not persist ephemeral firewall rules
Puppet class tripleo::firewall makes an effort to not inspector. In instack-undercloud the rules are
persist ephemeral firewall rules created by neutron and
ironic-
persisted anyway because we run iptables-save when
configuring masquerading.
This changes the masquerading to also filter the rules,
similar to what we do in tripleo::firewall.
Additionally filtering of the Ironic Inspector iptables
pxe_filter rules are implemented.
Closes-Bug: #1765700 58c6e1a3b4b772f 0a365f79e39 e32e14747ad95a0 7be0fa142c)
Change-Id: I0cebfe41779819
(cherry picked from commit e49688be9844b9a