opendev/system-config
Code Issues Proposed changes

Merge "Expand ranges on iptables rules for floating IPs"

Browse Source
This commit is contained in:
Jenkins 2015-02-04 13:07:39 +00:00 committed by Gerrit Code Review
commit 2949ebbe07
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/openstack_project/manifests/single_use_slave.pp
View File

@ -28,13 +28,13 @@ class openstack_project::single_use_slave (
[ [
# Ports 69 and 6385 allow to allow ironic VM nodes to reach tftp and # Ports 69 and 6385 allow to allow ironic VM nodes to reach tftp and
# the ironic API from the neutron public net # the ironic API from the neutron public net
'-p udp --dport 69 -s 172.24.4.0/24 -j ACCEPT', '-p udp --dport 69 -s 172.24.4.0/23 -j ACCEPT',
'-p tcp --dport 6385 -s 172.24.4.0/24 -j ACCEPT', '-p tcp --dport 6385 -s 172.24.4.0/23 -j ACCEPT',
# Ports 8000, 8003, 8004 from the devstack neutron public net to allow # Ports 8000, 8003, 8004 from the devstack neutron public net to allow
# nova servers to reach heat-api-cfn, heat-api-cloudwatch, heat-api # nova servers to reach heat-api-cfn, heat-api-cloudwatch, heat-api
'-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT', '-p tcp --dport 8000 -s 172.24.4.0/23 -j ACCEPT',
'-p tcp --dport 8003 -s 172.24.4.0/24 -j ACCEPT', '-p tcp --dport 8003 -s 172.24.4.0/23 -j ACCEPT',
'-p tcp --dport 8004 -s 172.24.4.0/24 -j ACCEPT', '-p tcp --dport 8004 -s 172.24.4.0/23 -j ACCEPT',
'-m limit --limit 2/min -j LOG --log-prefix "iptables dropped: "', '-m limit --limit 2/min -j LOG --log-prefix "iptables dropped: "',
], ],
} }