iptables: Move SSH rules to post-scripts.

Previous change [1] introduced the addition of an iptables rule
that was supposed to allow SSH access on all ifaces (not only
admin iface) when additional ifaces are configured.

However, Fuel installer is flushing the rules after transplant
adds our SSH config, overwriting it.

Move iptables SSH config to post-install section, as standalone
script. In order to keep the same behavior, test ifcfg-eth0
(admin interface is expected to be called eth0 by convention)
for "DEFROUTE=no" and only whitelist SSH on all ifaces if it matches.

[1] https://gerrit.opnfv.org/gerrit/#/c/16571/

Change-Id: I086b75461daa62671cad10494fe34acfd77757ae
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>

1 files changed, 1 insertions, 3 deletions

diff --git a/patches/opnfv-fuel/0005-transplant-Generate-extra-interfaces-config-file.patch b/patches/opnfv-fuel/0005-transplant-Generate-extra-interfaces-config-file.patch
index 4313c5ea..1291769e 100644
--- a/patches/opnfv-fuel/0005-transplant-Generate-extra-interfaces-config-file.patch
+++ b/patches/opnfv-fuel/0005-transplant-Generate-extra-interfaces-config-file.patch
@@ -45,7 +45,7 @@ index e57a4fb..9a65cf6 100644
  )
  
  ASTUTE_YAML = '/etc/fuel/astute.yaml'
-@@ -35,15 +39,47 @@ def parse_arguments():
+@@ -35,15 +39,45 @@ def parse_arguments():
      check_file_exists(dea_file)
      return dea_file
  
@@ -88,8 +88,6 @@ index e57a4fb..9a65cf6 100644
 +        exec_cmd('echo "DEFROUTE=no" >> %s' % admin_ifcfg)
 +        log('At least one interface was reconfigured, restart network manager')
 +        exec_cmd('systemctl restart network')
-+        log('At least one interface was reconfigured, accept SSH on all')
-+        exec_cmd('iptables -A INPUT -p tcp --dport ssh -j ACCEPT')
      return astute