bundles/dhcpd: add iptables rules
parent
cdef8cdb13
commit
ad569f073e
1 changed files with 17 additions and 0 deletions
|
@ -23,6 +23,7 @@ def get_static_allocations(metadata):
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@metadata_reactor
|
@metadata_reactor
|
||||||
def get_listen_interfaces(metadata):
|
def get_listen_interfaces(metadata):
|
||||||
listen_interfaces = []
|
listen_interfaces = []
|
||||||
|
@ -34,3 +35,19 @@ def get_listen_interfaces(metadata):
|
||||||
'listen_interfaces': ' '.join(sorted(listen_interfaces)),
|
'listen_interfaces': ' '.join(sorted(listen_interfaces)),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@metadata_reactor
|
||||||
|
def iptables(metadata):
|
||||||
|
iptables = set()
|
||||||
|
for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items():
|
||||||
|
iptables.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet.get('interface')))
|
||||||
|
|
||||||
|
return {
|
||||||
|
'iptables': {
|
||||||
|
'bundle_rules': {
|
||||||
|
# iptables bundle relies on this being a list.
|
||||||
|
'dhcpd': sorted(list(iptables)),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
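Review bot: In the new `iptables` reactor, `subnet.get('interface')` returns `None` when a subnet has no `interface` key, so the bundle would silently emit a rule for an interface literally named `None` instead of failing; use `subnet['interface']` or skip subnets without one. The rule accepts `--dport 67:68`, but a DHCP server only receives on UDP 67 (68 is the client port), so `--dport 67` is the narrower rule. The loop reads `node.metadata` rather than the `metadata` argument the reactor receives; the bodies of the other reactors are not visible here, but if they use `metadata.get(...)`, this one should match. Minor: `identfier` is misspelled and unused (iterating `.values()` would do), and `sorted()` already returns a list, so the inner `list(...)` is redundant.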