From 5696fe20b96cd5c1124c01d72cb213746b6b62f7 Mon Sep 17 00:00:00 2001
From: "Reddy, Hemachandra (hr858f)" <hr858f@att.com>
Date: Thu, 8 Jul 2021 15:00:47 -0500
Subject: [PATCH] Remove unwated iptables NAT and forward rule

This commit removes unwanted NAT and forward rules
from control plane nodes. They need to be enabled if
and when SIP creates VMs on control plane nodes.

Change-Id: I7a06df92b2c5c66d898e2a8f17c86d812680f181
---
 manifests/function/k8scontrol-vm-infra/iptables-setup.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/manifests/function/k8scontrol-vm-infra/iptables-setup.yaml b/manifests/function/k8scontrol-vm-infra/iptables-setup.yaml
index 83c3e7805..e9c177a7b 100644
--- a/manifests/function/k8scontrol-vm-infra/iptables-setup.yaml
+++ b/manifests/function/k8scontrol-vm-infra/iptables-setup.yaml
@@ -33,6 +33,7 @@
 
       # activate ip_forwarding
       echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
-      iptables -A FORWARD -i REPLACEMENT_VM_INFRA_INTF -j ACCEPT
-      iptables -t nat -A POSTROUTING -s REPLACEMENT_VM_SUBNET_CIDR -o REPLACEMENT_MGMT_INTF -j MASQUERADE
+      # Uncomment the below two lines when SIP creates VMs on control plane nodes.
+      #iptables -A FORWARD -i REPLACEMENT_VM_INFRA_INTF -j ACCEPT
+      #iptables -t nat -A POSTROUTING -s REPLACEMENT_VM_SUBNET_CIDR -o REPLACEMENT_MGMT_INTF -j MASQUERADE
       exit 0