tripleo

  1. Bug #1765700
  2. Comment #11

Comment 11 for bug 1765700

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to instack-undercloud (stable/queens)

Reviewed: https://review.openstack.org/563581
Committed: https://git.openstack.org/cgit/openstack/instack-undercloud/commit/?id=77f557416a6a4fd912ef8ab6e5154ef784741ccf
Submitter: Zuul
Branch: stable/queens

commit 77f557416a6a4fd912ef8ab6e5154ef784741ccf
Author: Harald Jensås <email address hidden>
Date: Sun Apr 22 13:12:01 2018 +0200

    Masquerading, do not persist ephemeral firewall rules

    Puppet class tripleo::firewall makes an effort to not
    persist ephemeral firewall rules created by neutron and
    ironic-inspector. In instack-undercloud the rules are
    persisted anyway because we run iptables-save when
    configuring masquerading.

    This changes the masquerading to also filter the rules,
    similar to what we do in tripleo::firewall.

    Additionally filtering of the Ironic Inspector iptables
    pxe_filter rules are implemented.

    Closes-Bug: #1765700
    Change-Id: I0cebfe4177981958c6e1a3b4b772f0a365f79e39
    (cherry picked from commit e49688be9844b9ae32e14747ad95a07be0fa142c)