From 4ed555514ac992b0f965c27757b7e70c86565c1e Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya
Date: Sat, 25 Sep 2010 10:47:51 -0700
Subject: [PATCH] disable output drop for the moment because it is too restrictive
---
 setup_iptables.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/setup_iptables.sh b/setup_iptables.sh
index b7e2f9a1..dd91c76e 100755
--- a/setup_iptables.sh
+++ b/setup_iptables.sh
@@ -52,6 +52,11 @@ if [ "$CMD" == "clear" ]; then
 iptables -F nova_output
 iptables -F nova_forward
 iptables -X
+ iptables -t nat -F
+ iptables -t nat -F nova_input
+ iptables -t nat -F nova_output
+ iptables -t nat -F nova_forward
+ iptables -t nat -X
 fi
 if [ "$CMD" == "base" ] || [ "$CMD" == "all" ]; then
@@ -73,7 +78,7 @@ if [ "$CMD" == "base" ] || [ "$CMD" == "all" ]; then
 iptables -N nova_forward
 iptables -A FORWARD -j nova_forward
- iptables -P OUTPUT DROP
+ # iptables -P OUTPUT DROP # too restrictive for the moment
 iptables -A OUTPUT -m state --state INVALID -j DROP
 iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -N nova_output
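Review bot: In the `clear` branch, the added `iptables -t nat -F` has no chain argument and therefore already flushes every chain in the nat table, so the three `iptables -t nat -F nova_*` lines after it are redundant. They will also each fail with an error if those chains were never created in nat, and no `-t nat -N` is visible in this hunk. The unqualified flush followed by `-t nat -X` also removes NAT rules installed by anything else on the host, which deserves a comment such as `# NOTE: wipes ALL nat rules on this host, not only nova's`. The `if` block starts above the hunk, so the filter-table half of the cleanup is only partly visible here.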
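Review bot: Commenting out `iptables -P OUTPUT DROP` in the `base`/`all` branch leaves the OUTPUT policy at whatever it was before the script ran, so the result now depends on prior host state. A host that ran the earlier version keeps DROP, because `-F` and `-X` do not reset chain policies and the visible part of `clear` sets none, while a fresh host gets ACCEPT. Under ACCEPT the `RELATED,ESTABLISHED -j ACCEPT` rule is a no-op, as is any accept rule in `nova_output`, so egress is effectively unfiltered apart from the INVALID drop. Stating the policy explicitly would make that visible, e.g. `iptables -P OUTPUT ACCEPT  # TODO: restore DROP once nova_output allows required egress`. The enclosing `if` block continues past the end of the hunk.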