From 59163643073370c58a201b45c0e1dd5556e2b0f6 Mon Sep 17 00:00:00 2001 From: Alexandru Avadanii Date: Mon, 17 Dec 2018 19:17:59 +0100 Subject: [mas01] Fix iptables pillar compatibility format Sync our reclass pillar data for mas01's iptables with latest formula changes [1]. [1] https://github.com/salt-formulas/salt-formula-iptables/commit/e353ce3c Change-Id: I66b2a75066ed512ab5ab4cc213d13d15c5c8cc7f Signed-off-by: Alexandru Avadanii --- .../cluster/all-mcp-arch-common/infra/maas.yml.j2 | 42 +++++++++++++--------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 index ee1d247ad..4b11478e4 100644 --- a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 @@ -148,21 +148,29 @@ parameters: netmask: ${_param:opnfv_net_admin_mask} type: eth iptables: + schema: + epoch: 1 service: - enabled: True - chain: - POSTROUTING: - rules: - - table: nat - source_network: '${_param:single_address}/${_param:opnfv_net_admin_mask}' - jump: MASQUERADE - INPUT: - rules: - - table: filter - source_network: '${_param:single_address}/${_param:opnfv_net_admin_mask}' - jump: ACCEPT - INPUT: - rules: - - table: filter - destination_network: '${_param:single_address}/${_param:opnfv_net_admin_mask}' - jump: ACCEPT + v4: + enabled: true + persistent_config: /etc/iptables/rules.v4 + v6: + enabled: false + tables: + v4: + filter: + chains: + INPUT: + ruleset: + 10: + rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask} + 11: + rule: -d ${_param:single_address}/${_param:opnfv_net_admin_mask} + nat: + chains: + POSTROUTING: + policy: ACCEPT + ruleset: + 10: + rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask} + action: MASQUERADE -- cgit 1.2.3-korg