rework iptables configuration
parent
d3ea06c3e8
commit
b943d2d465
8 changed files with 93 additions and 98 deletions
|
@ -56,13 +56,13 @@ def get_listen_interfaces(metadata):
|
|||
)
|
||||
def iptables(metadata):
|
||||
rules = set()
|
||||
for _, subnet in node.metadata.get('dhcpd/subnets', {}).items():
|
||||
for subnet in node.metadata.get('dhcpd/subnets', {}).values():
|
||||
rules.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet['interface']))
|
||||
|
||||
return {
|
||||
'iptables': {
|
||||
'bundle_rules': {
|
||||
# iptables bundle relies on this being a list.
|
||||
# can't use port_rules here. We're generating interface based rules here.
|
||||
'dhcpd': sorted(list(rules)),
|
||||
},
|
||||
}
|
||||
|
|
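Review bot: The rule built in `iptables()` accepts UDP `--dport 67:68` on every dhcpd interface, but a DHCP server only receives client requests on port 67; port 68 is the client side and is needed on INPUT only if this host also acts as a DHCP client on that interface. If it does not, `rules.add('iptables -A INPUT -i {} -p udp --dport 67 -j ACCEPT'.format(subnet['interface']))` keeps the opening to what the service needs. The interface name is formatted into the command string unquoted, so depending on how the iptables bundle consumes these strings, a comment like `# subnet['interface'] comes from repo metadata and must be a plain interface name` (or validation of the value) would make the trust assumption explicit. The rewritten loop still reads `node.metadata` although the function receives `metadata`; presumably `metadata.get('dhcpd/subnets', {}).values()` is intended, which is worth confirming against the other reactors. The returned dict is not closed within the hunk, so the function body continues outside the visible lines.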