Merge pull request #4329 from srampal/rhel_ose_aci

Merged by openshift-bot
author: OpenShift Bot <eparis+openshiftbot@redhat.com> 2017-06-18 22:21:48 -0400
committer: GitHub <noreply@github.com> 2017-06-18 22:21:48 -0400
commit: 865b3511d3df6fa5d938dda72e9d748c6c615c76 (patch)
tree: d28a590c30f208d9436e5aee3802dd4ea259e94a /roles/contiv/tasks/netplugin_iptables.yml
parent: 9545204f504f1dcf3de18272dc1fb951dd15f486 (diff)
parent: 76d1ee25b7570add1531ba232c46977d7201a122 (diff)
download: openshift-865b3511d3df6fa5d938dda72e9d748c6c615c76.tar.gz
openshift-865b3511d3df6fa5d938dda72e9d748c6c615c76.tar.bz2
openshift-865b3511d3df6fa5d938dda72e9d748c6c615c76.tar.xz
openshift-865b3511d3df6fa5d938dda72e9d748c6c615c76.zip
1 files changed, 31 insertions, 2 deletions
diff --git a/roles/contiv/tasks/netplugin_iptables.yml b/roles/contiv/tasks/netplugin_iptables.yml
index 8c348ac67..184c595c5 100644
--- a/roles/contiv/tasks/netplugin_iptables.yml
+++ b/roles/contiv/tasks/netplugin_iptables.yml
@@ -23,7 +23,36 @@
   notify: Save iptables rules
 
 - name: Netplugin IPtables | Open vxlan port with iptables
-  command: /sbin/iptables -I INPUT 1 -p udp --dport 8472 -j ACCEPT -m comment --comment "vxlan"
+  command: /sbin/iptables -I INPUT 1 -p udp --dport 8472 -j ACCEPT -m comment --comment "netplugin vxlan 8472"
+  when: iptablesrules.stdout.find("netplugin vxlan 8472") == -1
+  notify: Save iptables rules
 
 - name: Netplugin IPtables | Open vxlan port with iptables
-  command: /sbin/iptables -I INPUT 1 -p udp --dport 4789 -j ACCEPT -m comment --comment "vxlan"
+  command: /sbin/iptables -I INPUT 1 -p udp --dport 4789 -j ACCEPT -m comment --comment "netplugin vxlan 4789"
+  when: iptablesrules.stdout.find("netplugin vxlan 4789") == -1
+  notify: Save iptables rules
+
+- name: Netplugin IPtables | Allow from contivh0
+  command: /sbin/iptables -I FORWARD 1 -i contivh0 -j ACCEPT -m comment --comment "contivh0 FORWARD input"
+  when: iptablesrules.stdout.find("contivh0 FORWARD input") == -1
+  notify: Save iptables rules
+
+- name: Netplugin IPtables | Allow to contivh0
+  command: /sbin/iptables -I FORWARD 1 -o contivh0 -j ACCEPT -m comment --comment "contivh0 FORWARD output"
+  when: iptablesrules.stdout.find("contivh0 FORWARD output") == -1
+  notify: Save iptables rules
+
+- name: Netplugin IPtables | Allow from contivh1
+  command: /sbin/iptables -I FORWARD 1 -i contivh1 -j ACCEPT -m comment --comment "contivh1 FORWARD input"
+  when: iptablesrules.stdout.find("contivh1 FORWARD input") == -1
+  notify: Save iptables rules
+
+- name: Netplugin IPtables | Allow to contivh1
+  command: /sbin/iptables -I FORWARD 1 -o contivh1 -j ACCEPT -m comment --comment "contivh1 FORWARD output"
+  when: iptablesrules.stdout.find("contivh1 FORWARD output") == -1
+  notify: Save iptables rules
+
+- name: Netplugin IPtables | Allow dns
+  command: /sbin/iptables -I INPUT 1 -p udp --dport 53 -j ACCEPT -m comment --comment "contiv dns"
+  when: iptablesrules.stdout.find("contiv dns") == -1
+  notify: Save iptables rules
author	OpenShift Bot <eparis+openshiftbot@redhat.com>	2017-06-18 22:21:48 -0400
committer	GitHub <noreply@github.com>	2017-06-18 22:21:48 -0400
commit	865b3511d3df6fa5d938dda72e9d748c6c615c76 (patch)
tree	d28a590c30f208d9436e5aee3802dd4ea259e94a /roles/contiv/tasks/netplugin_iptables.yml
parent	9545204f504f1dcf3de18272dc1fb951dd15f486 (diff)
parent	76d1ee25b7570add1531ba232c46977d7201a122 (diff)
download	openshift-865b3511d3df6fa5d938dda72e9d748c6c615c76.tar.gz openshift-865b3511d3df6fa5d938dda72e9d748c6c615c76.tar.bz2 openshift-865b3511d3df6fa5d938dda72e9d748c6c615c76.tar.xz openshift-865b3511d3df6fa5d938dda72e9d748c6c615c76.zip