airship
/
treasuremap
Code Issues Proposed changes

Remove unwated iptables NAT and forward rule 

This commit removes unwanted NAT and forward rules
from control plane nodes. They need to be enabled if
and when SIP creates VMs on control plane nodes.

Change-Id: I7a06df92b2c5c66d898e2a8f17c86d812680f181
This commit is contained in:
Reddy, Hemachandra (hr858f) 2021-07-08 15:00:47 -05:00 committed by Hemachandra Reddy
parent 7e4710e9b3
commit 5696fe20b9
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
manifests/function/k8scontrol-vm-infra/iptables-setup.yaml
View File

@ -33,6 +33,7 @@
# activate ip_forwarding
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i REPLACEMENT_VM_INFRA_INTF -j ACCEPT
iptables -t nat -A POSTROUTING -s REPLACEMENT_VM_SUBNET_CIDR -o REPLACEMENT_MGMT_INTF -j MASQUERADE
# Uncomment the below two lines when SIP creates VMs on control plane nodes.
#iptables -A FORWARD -i REPLACEMENT_VM_INFRA_INTF -j ACCEPT
#iptables -t nat -A POSTROUTING -s REPLACEMENT_VM_SUBNET_CIDR -o REPLACEMENT_MGMT_INTF -j MASQUERADE
exit 0