From 3605f546f2e602a3ba775fb90119da199f49691e Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Fri, 30 Mar 2018 08:56:24 -0700
Subject: [PATCH] Remove nat/masquerading config workarounds.

1) This reverts commit e47d68eb11d3c2a1360c9018b6a47f05e874ecbc.
   That was technical debt, and with the new service in THT we don't need
   it anymore in Rocky.

2) This removes undercloud_external_network_cidr rule that shouldn't be
   useful since we control in THT for Rocky.

Closes-Bug: #1756183
Change-Id: I39b04f81803d76e419d1f3960edc4c927b2dbd4e
---
 .../templates/overcloud-prep-network.sh.j2                  | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/roles/overcloud-prep-network/templates/overcloud-prep-network.sh.j2 b/roles/overcloud-prep-network/templates/overcloud-prep-network.sh.j2
index ebca628e6..565d88b67 100644
--- a/roles/overcloud-prep-network/templates/overcloud-prep-network.sh.j2
+++ b/roles/overcloud-prep-network/templates/overcloud-prep-network.sh.j2
@@ -23,14 +23,12 @@ if ! sudo iptables -nvL INPUT | grep "$COMMENT"; then
 fi
 {% endif %}
 
-{% if network_isolation|bool and not overcloud_ipv6|bool %}
-
+{% if network_isolation|bool and not overcloud_ipv6|bool and (release in ['newton','ocata','pike','queens'] or not containerized_undercloud|bool) %}
 ## Setup Networking
 ## ----------------
 
 ## * Enable Masquerading for undercloud network.
-## This is technical debt, please look for full context:
-## https://bugs.launchpad.net/tripleo/+bug/1756183
+##   This is only useful before Rocky cycle.
 ## ::
 
 sudo iptables -w -t nat -D POSTROUTING -j BOOTSTACK_MASQ_OVB || true