authorAdam Miller <admiller@redhat.com>2016-11-07 23:04:54 +0000
committerAdam Miller <admiller@redhat.com>2016-11-07 23:04:54 +0000
commite916d0bb46decacd56cd7a5effa118e966b3500c (patch)
tree4155327abfcb95a071779237d909581997e12e5f
parent1686f648868de8ec6beab92ed8ebfcdc79839e65 (diff)
openshift builds aren't in the cluster overlay network, fix iptables rules
Signed-off-by: Adam Miller <admiller@redhat.com>
-rw-r--r--files/osbs/fix-docker-iptables.production50
-rw-r--r--files/osbs/fix-docker-iptables.staging50
2 files changed, 50 insertions, 50 deletions
diff --git a/files/osbs/fix-docker-iptables.production b/files/osbs/fix-docker-iptables.production
index 82b53cf96..fc8418659 100644
--- a/files/osbs/fix-docker-iptables.production
+++ b/files/osbs/fix-docker-iptables.production
@@ -8,47 +8,47 @@
iptables --flush FORWARD
# Re-insert some basic rules
-iptables -A FORWARD -o br0 -j DOCKER
-iptables -A FORWARD -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-iptables -A FORWARD -i br0 -o br0 -j ACCEPT
+iptables -A FORWARD -o docker0 -j DOCKER
+iptables -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i docker0 -o docker0 -j ACCEPT
# Now insert access to allowed boxes
# docker-registry
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.125.56 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.125.56 --dport 443 -j ACCEPT
#koji.fp.o
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.125.61 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.125.61 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.125.61 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.125.61 --dport 443 -j ACCEPT
# pkgs
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.125.44 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.125.44 --dport 443 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.125.44 --dport 9418 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.125.44 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.125.44 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.125.44 --dport 9418 -j ACCEPT
# DNS
-iptables -A FORWARD -i br0 -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
-iptables -A FORWARD -i br0 -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
+iptables -A FORWARD -i docker0 -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
+iptables -A FORWARD -i docker0 -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
# mirrors.fp.o
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT
# dl.phx2
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.94 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.94 --dport 443 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.95 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.95 --dport 443 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.96 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.96 --dport 443 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.97 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.94 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.94 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.95 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.95 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.96 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.96 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.97 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT
# Docker is CRAZY and forces Google DNS upon us.....
-iptables -A FORWARD -i br0 -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
-iptables -A FORWARD -i br0 -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT
+iptables -A FORWARD -i docker0 -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
+iptables -A FORWARD -i docker0 -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT
iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
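Review bot: The FORWARD chain is rebuilt in place, so between `iptables --flush FORWARD` at the top of this hunk and the closing `-j REJECT` rule the allowlist is not in force, and a failure part-way through can leave the chain incomplete. Whether build containers fail open in that window depends on the FORWARD policy and on any error handling in the first seven lines of the script, which are outside the hunk. Adding `iptables -P FORWARD DROP` before the flush would make the chain fail closed while it is being rebuilt. The staging hunk has the same structure.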
diff --git a/files/osbs/fix-docker-iptables.staging b/files/osbs/fix-docker-iptables.staging
index 6e5c2bee5..c204f7423 100644
--- a/files/osbs/fix-docker-iptables.staging
+++ b/files/osbs/fix-docker-iptables.staging
@@ -8,47 +8,47 @@
iptables --flush FORWARD
# Re-insert some basic rules
-iptables -A FORWARD -o br0 -j DOCKER
-iptables -A FORWARD -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-iptables -A FORWARD -i br0 -o br0 -j ACCEPT
+iptables -A FORWARD -o docker0 -j DOCKER
+iptables -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i docker0 -o docker0 -j ACCEPT
# Now insert access to allowed boxes
# docker-registry
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.217 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.217 --dport 443 -j ACCEPT
#koji.fp.o
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.87 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.87 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.87 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.87 --dport 443 -j ACCEPT
# pkgs.stg
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.83 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.83 --dport 443 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.83 --dport 9418 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.83 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.83 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.83 --dport 9418 -j ACCEPT
# DNS
-iptables -A FORWARD -i br0 -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
-iptables -A FORWARD -i br0 -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
+iptables -A FORWARD -i docker0 -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
+iptables -A FORWARD -i docker0 -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
# mirrors.fp.o
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT
# dl.phx2
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.94 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.94 --dport 443 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.95 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.95 --dport 443 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.96 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.96 --dport 443 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.97 --dport 80 -j ACCEPT
-iptables -A FORWARD -i br0 -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.94 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.94 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.95 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.95 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.96 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.96 --dport 443 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.97 --dport 80 -j ACCEPT
+iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT
# Docker is CRAZY and forces Google DNS upon us.....
-iptables -A FORWARD -i br0 -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
-iptables -A FORWARD -i br0 -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT
+iptables -A FORWARD -i docker0 -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
+iptables -A FORWARD -i docker0 -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT
iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
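Review bot: The two rules under the "Docker is CRAZY" comment let build containers on docker0 send UDP 53 to 8.8.8.8 and 8.8.4.4, which is an egress path outside the internal allowlist the rest of the hunk builds. Docker falls back to those resolvers only when it finds no usable nameserver for the container, so starting the daemon with the internal resolvers already allowed above (`--dns 10.5.126.21 --dns 10.5.126.22`) would let both rules be dropped. The daemon configuration is not visible here, so this needs checking against it. The production hunk carries the same two rules.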