Commit 02421ca1 authored by Dan Radez

Adding mock-detached rules to FORWARD table



Forwarded traffic doesn't pass through the output table
so adding http, https and dns traffic reject rules to
forward table also for a mock-detached state

Change-Id: Iab4b7f0f7c95068223636052979c4959db6feaa6
Signed-off-by: Dan Radez <dradez@redhat.com>
parent 86c8fb3c
......@@ -91,19 +91,28 @@ parse_cmdline() {
;;
mock-detached)
if [ "$2" == "on" ]; then
echo "Ensuring we can talk to gerrit.opnfv.org"
iptables -A OUTPUT -p tcp -d gerrit.opnfv.org --dport 443 -j ACCEPT
echo "Blocking output http (80) traffic"
iptables -A OUTPUT -p tcp --dport 80 -j REJECT
iptables -A FORWARD -p tcp --dport 80 -j REJECT
echo "Blocking output https (443) traffic"
iptables -A OUTPUT -p tcp --dport 443 -j REJECT
iptables -A FORWARD -p tcp --dport 443 -j REJECT
echo "Blocking output dns (53) traffic"
iptables -A OUTPUT -p tcp --dport 53 -j REJECT
iptables -A FORWARD -p tcp --dport 53 -j REJECT
elif [ "$2" == "off" ]; then
echo "Cleaning gerrit.opnfv.org specific rule"
iptables -D OUTPUT -p tcp -d gerrit.opnfv.org --dport 443 -j ACCEPT
echo "Allowing output http (80) traffic"
iptables -D OUTPUT -p tcp --dport 80 -j REJECT
iptables -D FORWARD -p tcp --dport 80 -j REJECT
echo "Allowing output https (443) traffic"
iptables -D OUTPUT -p tcp --dport 443 -j REJECT
iptables -D FORWARD -p tcp --dport 443 -j REJECT
echo "Allowing output dns (53) traffic"
iptables -D OUTPUT -p tcp --dport 53 -j REJECT
iptables -D FORWARD -p tcp --dport 53 -j REJECT
else
display_usage
fi
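Review bot: The new FORWARD rule for port 53 in the "on" branch matches only `-p tcp`, so forwarded DNS over UDP still passes while mock-detached is on; add `iptables -A FORWARD -p udp --dport 53 -j REJECT` (the existing OUTPUT rule has the same gap) with matching `-D` lines in the "off" branch. Two smaller points on the same lines: `-A` appends, so any ACCEPT already present earlier in FORWARD will match first and the new REJECTs never fire, which `-I FORWARD` would avoid; and the gerrit.opnfv.org exception exists only in OUTPUT, so forwarded hosts lose access to gerrit on 443, which should be stated in the commit message if intended or paired with a FORWARD ACCEPT placed before the REJECT if not. The echo lines still say "output" although they now also cover forwarded traffic.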
......