Adding moch-detached rules to FORWARD table 51/18751/2
authorDan Radez <dradez@redhat.com>
Tue, 16 Aug 2016 18:32:43 +0000 (14:32 -0400)
committerDan Radez <dradez@redhat.com>
Tue, 16 Aug 2016 19:12:02 +0000 (15:12 -0400)
Forwarded traffic doesn't pass through the output table,
so the http, https and dns reject rules are also added to the
forward table for the mock-detached state

Change-Id: Iab4b7f0f7c95068223636052979c4959db6feaa6
Signed-off-by: Dan Radez <dradez@redhat.com>
ci/util.sh

index bcb3a3a..8c09278 100755 (executable)
@@ -91,19 +91,28 @@ parse_cmdline() {
             ;;
         mock-detached)
                 if [ "$2" == "on" ]; then
+                    echo "Ensuring we can talk to gerrit.opnfv.org"
+                    iptables -A OUTPUT -p tcp -d gerrit.opnfv.org --dport 443 -j ACCEPT
                     echo "Blocking output http (80) traffic"
                     iptables -A OUTPUT -p tcp --dport 80 -j REJECT
+                    iptables -A FORWARD -p tcp --dport 80 -j REJECT
                     echo "Blocking output https (443) traffic"
                     iptables -A OUTPUT -p tcp --dport 443 -j REJECT
+                    iptables -A FORWARD -p tcp --dport 443 -j REJECT
                     echo "Blocking output dns (53) traffic"
-                    iptables -A OUTPUT -p tcp --dport 53 -j REJECT
+                    iptables -A FORWARD -p tcp --dport 53 -j REJECT
                 elif [ "$2" == "off" ]; then
+                    echo "Cleaning gerrit.opnfv.org specific rule"
+                    iptables -D OUTPUT -p tcp -d gerrit.opnfv.org --dport 443 -j ACCEPT
                     echo "Allowing output http (80) traffic"
                     iptables -D OUTPUT -p tcp --dport 80 -j REJECT
+                    iptables -D FORWARD -p tcp --dport 80 -j REJECT
                     echo "Allowing output https (443) traffic"
                     iptables -D OUTPUT -p tcp --dport 443 -j REJECT
+                    iptables -D FORWARD -p tcp --dport 443 -j REJECT
                     echo "Allowing output dns (53) traffic"
                     iptables -D OUTPUT -p tcp --dport 53 -j REJECT
+                    iptables -D FORWARD -p tcp --dport 53 -j REJECT
                 else
                     display_usage
                 fi
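Review bot: The off branch still runs `iptables -D OUTPUT -p tcp --dport 53 -j REJECT`, but the on branch no longer installs that rule because the OUTPUT port-53 REJECT was replaced by the FORWARD one instead of being kept alongside it; that -D will fail with a non-zero status, and "off" is no longer the inverse of "on". Either restore `iptables -A OUTPUT -p tcp --dport 53 -j REJECT` next to the new FORWARD line or drop the OUTPUT delete, whichever matches the intended policy. Note also that `-p tcp --dport 53` leaves UDP DNS untouched in both chains, so the "Blocking output dns" message likely overstates what is rejected. The `-d gerrit.opnfv.org` ACCEPT and its matching delete resolve the name at insertion and again at deletion, so a DNS change in between would presumably leave the ACCEPT rule in place. parse_cmdline and the enclosing case statement start and end outside the hunk.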