openstack
/
tripleo-ansible
Code Issues Proposed changes

Change drop action 

The new firewall rule action plugin was setting the rule state as absent
when using the drop "action", this change updates that so we're adding
drop rules and appending them to the rule chain.

Change-Id: I5105c007d890ec98b34eafba3ab410bf9ba4f089
Signed-off-by: Kevin Carter <kecarter@redhat.com>
(cherry picked from commit 8f11437b1c)
This commit is contained in:
Kevin Carter 2019-12-18 08:35:50 -06:00 committed by Alex Schultz
parent 6b943357fc
commit 2a0c376e42
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tripleo_ansible/ansible_plugins/action/tripleo_iptables.py
View File

@ -177,11 +177,12 @@ class ActionModule(ActionBase):
action = rule_data['action'] = rule.get('action', 'insert')
if action == 'drop':
rule_data['action'] = 'insert'
rule_data['state'] = 'absent'
rule_data['action'] = 'append'
rule_data['jump'] = rule.get('jump', 'DROP')
else:
rule_data['jump'] = rule.get('jump', 'ACCEPT')
rule_data['chain'] = rule.get('chain', 'INPUT')
rule_data['jump'] = rule.get('jump', 'ACCEPT')
rule_data['protocol'] = rule.get('proto', 'tcp')
if 'table' in rule:
rule_data['table'] = rule['table']