X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=ci%2Futil.sh;h=8c09278adf104b73dd8769b2f55e82fc830e5126;hb=e6d610962e039ef212814eee564221d96f5d5f5a;hp=f48dcd747d94e23b39475a1992604693d0e8e0dd;hpb=66f4a30987f870d5a6416b2c46c7dfb95130b4d9;p=apex.git diff --git a/ci/util.sh b/ci/util.sh index f48dcd74..8c09278a 100755 --- a/ci/util.sh +++ b/ci/util.sh @@ -5,7 +5,7 @@ CONFIG=${CONFIG:-'/var/opt/opnfv'} RESOURCES=${RESOURCES:-"$CONFIG/images"} LIB=${LIB:-"$CONFIG/lib"} -VALID_CMDS="undercloud overcloud opendaylight debug-stack -h --help" +VALID_CMDS="undercloud overcloud opendaylight debug-stack mock-detached -h --help" source $LIB/utility-functions.sh @@ -91,13 +91,28 @@ parse_cmdline() { ;; mock-detached) if [ "$2" == "on" ]; then - echo "Blocking output http and https traffic" + echo "Ensuring we can talk to gerrit.opnfv.org" + iptables -A OUTPUT -p tcp -d gerrit.opnfv.org --dport 443 -j ACCEPT + echo "Blocking output http (80) traffic" iptables -A OUTPUT -p tcp --dport 80 -j REJECT + iptables -A FORWARD -p tcp --dport 80 -j REJECT + echo "Blocking output https (443) traffic" iptables -A OUTPUT -p tcp --dport 443 -j REJECT + iptables -A FORWARD -p tcp --dport 443 -j REJECT + echo "Blocking output dns (53) traffic" + iptables -A FORWARD -p tcp --dport 53 -j REJECT elif [ "$2" == "off" ]; then - echo "Allowing output http and https traffic" + echo "Cleaning gerrit.opnfv.org specific rule" + iptables -D OUTPUT -p tcp -d gerrit.opnfv.org --dport 443 -j ACCEPT + echo "Allowing output http (80) traffic" iptables -D OUTPUT -p tcp --dport 80 -j REJECT + iptables -D FORWARD -p tcp --dport 80 -j REJECT + echo "Allowing output https (443) traffic" iptables -D OUTPUT -p tcp --dport 443 -j REJECT + iptables -D FORWARD -p tcp --dport 443 -j REJECT + echo "Allowing output dns (53) traffic" + iptables -D OUTPUT -p tcp --dport 53 -j REJECT + iptables -D FORWARD -p tcp --dport 53 -j REJECT else display_usage fi