Ensure FORWARD is ACCEPT by default

Newer versions of docker have switched to updating the FORWARD chain to
be DROP by default. This causes issues with the deployment. Update the
FORWARD chains to be ACCEPT by default.

Depends-On: Ib75f97748540b9162d76c9c189d3ca7e082b3784
Closes-Bug: #1750194

Change-Id: I93be7138e6a61cf3aadf19f53097d67469befc17
This commit is contained in:
Alex Schultz 2018-02-18 11:07:22 -07:00
parent a903c10542
commit da31c6e5ba
1 changed files with 13 additions and 0 deletions

View File

@ -894,6 +894,19 @@ nova::notify_on_state_change: 'vm_state'
# Firewall
tripleo::firewall::manage_firewall: true
# Docker switches FORWARD to DROP by default which causes issues on the
# undercloud. We are already included a REJECT rule in so switch these back
# to ACCEPT.
# https://bugs.launchpad.net/tripleo/+bug/1750194
tripleo::firewall::firewall_chains:
'FORWARD:filter:IPv4':
ensure: present
policy: accept
purge: false
'FORWARD:filter:IPv6':
ensure: present
policy: accept
purge: false
tripleo::firewall::firewall_rules:
'105 ntp':
dport: 123