Code Review / compass4nfv.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: c1f8ed8)
remove the forward reject rule of iptables 29/5329/1
authorJohn Anderson <sontek@gmail.com>
Mon, 28 Dec 2015 07:10:29 +0000 (15:10 +0800)
committercarey.xu <carey.xuhan@huawei.com>
Tue, 29 Dec 2015 00:38:57 +0000 (08:38 +0800)
  * Functest's testcase running in the docker, and need access openstack's
    network. But the libvirt nat networks will create forward iptable rules,
    which reject the connection from the docker.

Change-Id: Id0122879aa133ccb81a0bba1ea8d06ac36a65290
Author: carey.xu<carey.xuhan@huawei.com>
Signed-off-by: carey.xu <carey.xuhan@huawei.com>
deploy/network.sh patch | blob | history

diff --git a/deploy/network.sh b/deploy/network.sh
index 836af0f..c6d0df5 100755 (executable)
--- a/deploy/network.sh
+++ b/deploy/network.sh
@@ -1,4 +1,9 @@
 
+function clear_forward_rejct_rules()
+{
+    while sudo iptables -nL FORWARD --line-number|grep -E 'REJECT +all +-- +0.0.0.0/0 +0.0.0.0/0 +reject-with icmp-port-unreachable'|head -1|awk '{print $1}'|xargs sudo iptables -D FORWARD; do :; done
+}
+
 function setup_bridge_net()
 {
     net_name=$1
@@ -89,4 +94,5 @@ function create_nets() {
 
     # create external network
     setup_bridge_external
+    clear_forward_rejct_rules
 }