Merge "Expand ranges on iptables rules for floating IPs"

2015-02-04 13:07:39 +00:00 · 2015-02-04 13:07:39 +00:00 · 2949ebbe07
commit 2949ebbe07
parent c05134ae26 8c24694378
1 changed files with 5 additions and 5 deletions
--- a/modules/openstack_project/manifests/single_use_slave.pp
+++ b/modules/openstack_project/manifests/single_use_slave.pp
@ -28,13 +28,13 @@ class openstack_project::single_use_slave (
      [
        # Ports 69 and 6385 allow to allow ironic VM nodes to reach tftp and
        # the ironic API from the neutron public net
-        '-p udp --dport 69 -s 172.24.4.0/24 -j ACCEPT',
-        '-p tcp --dport 6385 -s 172.24.4.0/24 -j ACCEPT',
+        '-p udp --dport 69 -s 172.24.4.0/23 -j ACCEPT',
+        '-p tcp --dport 6385 -s 172.24.4.0/23 -j ACCEPT',
        # Ports 8000, 8003, 8004 from the devstack neutron public net to allow
        # nova servers to reach heat-api-cfn, heat-api-cloudwatch, heat-api
-        '-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT',
-        '-p tcp --dport 8003 -s 172.24.4.0/24 -j ACCEPT',
-        '-p tcp --dport 8004 -s 172.24.4.0/24 -j ACCEPT',
+        '-p tcp --dport 8000 -s 172.24.4.0/23 -j ACCEPT',
+        '-p tcp --dport 8003 -s 172.24.4.0/23 -j ACCEPT',
+        '-p tcp --dport 8004 -s 172.24.4.0/23 -j ACCEPT',
        '-m limit --limit 2/min -j LOG --log-prefix "iptables dropped: "',
      ],
  }