From 4761fdb39621a552cb12029d208f89296656fee6 Mon Sep 17 00:00:00 2001
From: Nachi Ueno <nachi@nttmcl.com>
Date: Tue, 18 Dec 2012 15:12:18 -0800
Subject: [PATCH] Remove iptables forwarding rule for quantum-gate

Original default fowarding rule drops all packet including
the packets from quantum-dhcp. In this patch, we remove
forwarding rule

Change-Id: I68ec7440595a158e0a5f572868f37f54f5ffa1ba
Reviewed-on: https://review.openstack.org/18353
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
---
 modules/iptables/templates/rules.erb    | 1 -
 modules/iptables/templates/rules.v6.erb | 1 -
 2 files changed, 2 deletions(-)

diff --git a/modules/iptables/templates/rules.erb b/modules/iptables/templates/rules.erb
index 82e89f9ff3..81e4f10bcc 100644
--- a/modules/iptables/templates/rules.erb
+++ b/modules/iptables/templates/rules.erb
@@ -4,7 +4,6 @@
 :OUTPUT ACCEPT [0:0]
 :openstack-INPUT - [0:0]
 -A INPUT -j openstack-INPUT
--A FORWARD -j openstack-INPUT
 -A openstack-INPUT -i lo -j ACCEPT
 -A openstack-INPUT -p icmp --icmp-type any -j ACCEPT
 #-A openstack-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
diff --git a/modules/iptables/templates/rules.v6.erb b/modules/iptables/templates/rules.v6.erb
index 3bf60f2735..23097b6a37 100644
--- a/modules/iptables/templates/rules.v6.erb
+++ b/modules/iptables/templates/rules.v6.erb
@@ -4,7 +4,6 @@
 :OUTPUT ACCEPT [0:0]
 :openstack-INPUT - [0:0]
 -A INPUT -j openstack-INPUT
--A FORWARD -j openstack-INPUT
 -A openstack-INPUT -i lo -j ACCEPT
 -A openstack-INPUT -p icmpv6 -j ACCEPT
 -A openstack-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT