summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Radez <dradez@redhat.com>2016-08-16 14:32:43 -0400
committerDan Radez <dradez@redhat.com>2016-08-16 15:12:02 -0400
commit02421ca1cb31c33219ccea540f37d8dc6f1f9bde (patch)
treedd3dfc9ba402b1261f2eeeebdbcbefa41922204a
parent86c8fb3c833dd9acc80bb0e5367bee50aeebd5df (diff)
Adding moch-detached rules to FORWARD table
Forwarded traffic doesn't pass through the output table so adding http, https and dns traffic reject rules to forward table also for a mock-detached state Change-Id: Iab4b7f0f7c95068223636052979c4959db6feaa6 Signed-off-by: Dan Radez <dradez@redhat.com>
-rwxr-xr-xci/util.sh11
1 files changed, 10 insertions, 1 deletions
diff --git a/ci/util.sh b/ci/util.sh
index bcb3a3a7..8c09278a 100755
--- a/ci/util.sh
+++ b/ci/util.sh
@@ -91,19 +91,28 @@ parse_cmdline() {
;;
mock-detached)
if [ "$2" == "on" ]; then
+ echo "Ensuring we can talk to gerrit.opnfv.org"
+ iptables -A OUTPUT -p tcp -d gerrit.opnfv.org --dport 443 -j ACCEPT
echo "Blocking output http (80) traffic"
iptables -A OUTPUT -p tcp --dport 80 -j REJECT
+ iptables -A FORWARD -p tcp --dport 80 -j REJECT
echo "Blocking output https (443) traffic"
iptables -A OUTPUT -p tcp --dport 443 -j REJECT
+ iptables -A FORWARD -p tcp --dport 443 -j REJECT
echo "Blocking output dns (53) traffic"
- iptables -A OUTPUT -p tcp --dport 53 -j REJECT
+ iptables -A FORWARD -p tcp --dport 53 -j REJECT
elif [ "$2" == "off" ]; then
+ echo "Cleaning gerrit.opnfv.org specific rule"
+ iptables -D OUTPUT -p tcp -d gerrit.opnfv.org --dport 443 -j ACCEPT
echo "Allowing output http (80) traffic"
iptables -D OUTPUT -p tcp --dport 80 -j REJECT
+ iptables -D FORWARD -p tcp --dport 80 -j REJECT
echo "Allowing output https (443) traffic"
iptables -D OUTPUT -p tcp --dport 443 -j REJECT
+ iptables -D FORWARD -p tcp --dport 443 -j REJECT
echo "Allowing output dns (53) traffic"
iptables -D OUTPUT -p tcp --dport 53 -j REJECT
+ iptables -D FORWARD -p tcp --dport 53 -j REJECT
else
display_usage
fi