68ec102343
The firewall role incorrectly used the 'proto' field in a rule as a conditional to decide if the rule should be created in iptables|ip6tables (or both). When proto was 'ipv6' the rule was not created in iptables, and when proto was 'ipv4' the rule was not created in ip6tables. When the proto field have 'ipv4' or 'ipv6' it is to create rules for ip-in-ip encapsulation. Encapsulating ipv4 in ipv6 or vice-versa is a valid usecase. This change adds the 'ipversion' property for rules. Closes-Bug: #1845170 Change-Id: I4b3463f27714721b2252640d8714da820da2eed6 |
||
---|---|---|
.. | ||
main.yml | ||
tripleo_firewall_add.yml | ||
tripleo_firewall_state.yml |