opendev/system-config
Code Issues Proposed changes

Merge "Switch IPv4 rejects from host-prohibit to admin"

Browse Source
This commit is contained in:
Zuul 2021-11-09 20:36:01 +00:00 committed by Gerrit Code Review
commit 890d59cd5f
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
playbooks/roles/iptables/templates/rules.v4.j2
View File

@ -34,5 +34,5 @@
{% endif -%}
{% endfor -%}
{% endfor -%}
-A openstack-INPUT -j REJECT --reject-with icmp-host-prohibited
-A openstack-INPUT -j REJECT --reject-with icmp-admin-prohibited
COMMIT

2
testinfra/util.py
View File

@ -100,7 +100,7 @@ def verify_iptables(host):
'-A openstack-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT',
'-A openstack-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
'-A openstack-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT',
'-A openstack-INPUT -j REJECT --reject-with icmp-host-prohibited'
'-A openstack-INPUT -j REJECT --reject-with icmp-admin-prohibited'
]
for rule in needed_rules:
assert rule in rules