
Allow allowed_hosts to not have ipv6 interfaces

This puts a conditional around the AAAA lookup so we can add hosts in
clouds that don't provide an IPv6 address.

Change-Id: I97e82a41fdbe31e7bce6f05b8e6aa39834c42548
changes/65/546465/3
Ian Wienand 1 year ago
commit ac4f7e77e3
1 changed files with 3 additions and 0 deletions

templates/rules.v6.erb

@@ -25,10 +25,13 @@
25 25
 <% @rules6.each do |rule| -%>
26 26
 -A openstack-INPUT <%= rule %>
27 27
 <% end -%>
28
+<% begin -%>
28 29
 <% @allowed_hosts.each do |host| -%>
29 30
 <% scope.call_function('dns_aaaa', [host['hostname']]).each do |addr| -%>
30 31
 -A openstack-INPUT <% if host['protocol'] == 'tcp' %>-m state --state NEW <% end -%>-m <%= host['protocol'] %> -p <%= host['protocol'] %> -s <%= addr %> --dport <%= host['port'] %> -j ACCEPT
31 32
 <% end -%>
32 33
 <% end -%>
34
+<% rescue Resolv::ResolvError -%>
35
+<% end -%>
33 36
 -A openstack-INPUT -j REJECT --reject-with icmp6-adm-prohibited
34 37
 COMMIT
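
Review bot: The `<% begin -%>` is placed before `@allowed_hosts.each` and the `rescue Resolv::ResolvError` after the loop's closing `end`, so the exception handler wraps the whole loop rather than the single `dns_aaaa` lookup. The first host without an AAAA record ends the iteration, and every host listed after it gets no ACCEPT rule even if it does have an IPv6 address, which makes the generated ruleset depend on the order of `@allowed_hosts`. Move the `begin`/`rescue` inside the `@allowed_hosts.each` block, around the `scope.call_function('dns_aaaa', [host['hostname']])` line, so that a failed lookup skips only that host. The rescue body is also empty, so a mistyped hostname and an IPv4-only host both vanish silently; the REJECT rule that follows keeps this fail-closed, but emitting a comment line in the generated rules that names the skipped host would make the gap visible when the ruleset is audited.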
