2 files changed, 11 insertions, 2 deletions

diff --git a/build/undercloud.sh b/build/undercloud.sh
index 43884b16..75aa265a 100755
--- a/build/undercloud.sh
+++ b/build/undercloud.sh
@@ -59,7 +59,7 @@ LIBGUESTFS_BACKEND=direct virt-customize \
     --run-command "sed -i '/SERVICE_LIST/a\\    \x27tacker\x27: {\x27password_field\x27: \x27OVERCLOUD_TACKER_PASSWORD\x27},' /usr/lib/python2.7/site-packages/tripleoclient/constants.py" \
     --run-command "sed -i '/PASSWORD_NAMES =/a\\    \"OVERCLOUD_TACKER_PASSWORD\",' /usr/lib/python2.7/site-packages/tripleoclient/utils.py" \
     --run-command "sed -i '/AodhPassword/a\\        parameters\[\x27TackerPassword\x27\] = passwords\[\x27OVERCLOUD_TACKER_PASSWORD\x27\]' /usr/lib/python2.7/site-packages/tripleoclient/v1/overcloud_deploy.py" \
-    --run-command "sed -i '/^SERVICES/a\    \x27tacker\x27: {\x27description\x27: \x27Tacker Service\x27, \x27type\x27: \x27servicevm\x27, \x27path\x27: \x27/\x27, \x27port\x27: 1789 },' /usr/lib/python2.7/site-packages/os_cloud_config/keystone.py" \
+    --run-command "sed -i '/^SERVICES/a\    \x27tacker\x27: {\x27description\x27: \x27Tacker Service\x27, \x27type\x27: \x27servicevm\x27, \x27path\x27: \x27/\x27, \x27port\x27: 8888 },' /usr/lib/python2.7/site-packages/os_cloud_config/keystone.py" \
     --upload /tmp/tacker.repo:/etc/yum.repos.d/ \
     --install "python-tackerclient" \
     --install "python2-aodhclient" \
diff --git a/ci/util.sh b/ci/util.sh
index bcb3a3a7..8c09278a 100755
--- a/ci/util.sh
+++ b/ci/util.sh
@@ -91,19 +91,28 @@ parse_cmdline() {
             ;;
         mock-detached)
                 if [ "$2" == "on" ]; then
+                    echo "Ensuring we can talk to gerrit.opnfv.org"
+                    iptables -A OUTPUT -p tcp -d gerrit.opnfv.org --dport 443 -j ACCEPT
                     echo "Blocking output http (80) traffic"
                     iptables -A OUTPUT -p tcp --dport 80 -j REJECT
+                    iptables -A FORWARD -p tcp --dport 80 -j REJECT
                     echo "Blocking output https (443) traffic"
                     iptables -A OUTPUT -p tcp --dport 443 -j REJECT
+                    iptables -A FORWARD -p tcp --dport 443 -j REJECT
                     echo "Blocking output dns (53) traffic"
-                    iptables -A OUTPUT -p tcp --dport 53 -j REJECT
+                    iptables -A FORWARD -p tcp --dport 53 -j REJECT
                 elif [ "$2" == "off" ]; then
+                    echo "Cleaning gerrit.opnfv.org specific rule"
+                    iptables -D OUTPUT -p tcp -d gerrit.opnfv.org --dport 443 -j ACCEPT
                     echo "Allowing output http (80) traffic"
                     iptables -D OUTPUT -p tcp --dport 80 -j REJECT
+                    iptables -D FORWARD -p tcp --dport 80 -j REJECT
                     echo "Allowing output https (443) traffic"
                     iptables -D OUTPUT -p tcp --dport 443 -j REJECT
+                    iptables -D FORWARD -p tcp --dport 443 -j REJECT
                     echo "Allowing output dns (53) traffic"
                     iptables -D OUTPUT -p tcp --dport 53 -j REJECT
+                    iptables -D FORWARD -p tcp --dport 53 -j REJECT
                 else
                     display_usage
                 fi