b349e39077
As advised in I072cf8bf6748d0c910fecffdf2282bcc4656d038, code should use 4 spaces for indentation. This commit enforces the use of 4 spaces indentation. In order to simplify the review process, this patch only cover the following elements: - bm-dnsmasq, - boot-stack, - cinder-volume - devstack - haproxy - keepalived - mariadb - mariadb-dev - memcached - mysql-common - mysql Change-Id: I7932fd24e72f7585e24ad3e0213f42361e668f7c
32 lines
1.2 KiB
Bash
Executable File
32 lines
1.2 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Idempotently build an IPTables chain which will filter to only permitted MAC
|
|
# addresses, on incoming BOOTP requests on the control plane interface.
|
|
|
|
set -eux
|
|
|
|
INTERFACE=br-ctlplane
|
|
. /root/stackrc
|
|
MACS=$(for node in $(nova baremetal-node-list | grep -v '+\|ID' | awk ' { print $2 } '); do nova baremetal-interface-list $node | awk '/:/ { print $8}' ; done)
|
|
|
|
# In case this script crashed earlier, flush, unlink and delete the temp chain.
|
|
iptables -F FILTERBOOTPSNEW || true
|
|
iptables -D INPUT -i $INTERFACE -p udp --dport 67 -j FILTERBOOTPSNEW || true
|
|
iptables -X FILTERBOOTPSNEW || true
|
|
iptables -N FILTERBOOTPSNEW
|
|
# Build the chain we want.
|
|
for MAC in $MACS; do
|
|
iptables -A FILTERBOOTPSNEW -m mac --mac-source $MAC -j ACCEPT
|
|
done
|
|
# Drop rather than reject as this is a broadcast protocol: we'd just be
|
|
# creating noise on the network.
|
|
iptables -A FILTERBOOTPSNEW -j DROP
|
|
# Link it in.
|
|
iptables -I INPUT -i $INTERFACE -p udp --dport 67 -j FILTERBOOTPSNEW
|
|
# Delete the old chain if present.
|
|
iptables -F FILTERBOOTPS || true
|
|
iptables -D INPUT -i $INTERFACE -p udp --dport 67 -j FILTERBOOTPS || true
|
|
iptables -X FILTERBOOTPS || true
|
|
# Rename the new chain into permanence.
|
|
iptables -E FILTERBOOTPSNEW FILTERBOOTPS
|