system-config

History

Ian Wienand efa858c58e iptables: handle hosts in allowed groups not having an ipv6 address The modified section of the rules.v6 template looks at the groups in the iptables_allowed_groups list and then allows access for each host specified in that group. Currently this extracts the 'public_v6' from the hostvars[host] directly, but this fails if the host in question doesn't actually have an ipv6 address. Modify this so we check if the variable exists, and then reference it via the hostvars dict. Note that in gate testing, ipv6 may be empty string (set from nodepool values), while it may not be a value at all if it is left out of the production inventory. "hostvars[host]['public_v6'] \| default(False)" should catch both cases. Change-Id: I90069efc7d72d881ec57670b9c6b426a8a5422a3	2023-01-12 21:48:22 +11:00
..
rules.v4.j2	Block outbound SMTP connections from test jobs	2021-12-09 18:46:38 +00:00
rules.v6.j2	iptables: handle hosts in allowed groups not having an ipv6 address	2023-01-12 21:48:22 +11:00

iptables: handle hosts in allowed groups not having an ipv6 address

The modified section of the rules.v6 template looks at the groups in
the iptables_allowed_groups list and then allows access for each host
specified in that group.

Currently this extracts the 'public_v6' from the hostvars[host]
directly, but this fails if the host in question doesn't actually have
an ipv6 address.

Modify this so we check if the variable exists, and then reference it
via the hostvars dict.  Note that in gate testing, ipv6 may be empty
string (set from nodepool values), while it may not be a value at all
if it is left out of the production inventory.
"hostvars[host]['public_v6'] | default(False)" should catch both
cases.

Change-Id: I90069efc7d72d881ec57670b9c6b426a8a5422a3

2023-01-12 21:48:22 +11:00

rules.v4.j2

Block outbound SMTP connections from test jobs

2021-12-09 18:46:38 +00:00

rules.v6.j2

iptables: handle hosts in allowed groups not having an ipv6 address

2023-01-12 21:48:22 +11:00