From 7aa44dd1eff96a341cec4484eb541484592f29bb Mon Sep 17 00:00:00 2001
From: MJB <mjb@it-innovation.soton.ac.uk>
Date: Mon, 4 Jun 2018 21:09:05 +0100
Subject: [PATCH] persistent ip tables
---
Vagrantfile | 8 ++++++++
Vagrantfile.libvirt | 8 ++++++++
scripts/test/fixture.sh | 41 ++++++++++++++++++++++++-----------------
3 files changed, 40 insertions(+), 17 deletions(-)
diff --git a/Vagrantfile b/Vagrantfile
index fcf7b38..0a9a853 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,9 +1,17 @@
$lxc_script = <<-SCRIPT
apt-get update
+
+# install util for persistent ip tables
+echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
+echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
+sudo apt-get -y install iptables-persistent
+
+# install lxc
apt-get install lxc lxc-templates wget bridge-utils jq -y
lxc-checkconfig
+# configure lxc for specific CIDR network
touch /etc/lxc/dnsmasq.conf
sed -i s/10.0.3/172.40.231/g /etc/default/lxc-net
sed -i s/#LXC_DHCP_CONFILE/LXC_DHCP_CONFILE/g /etc/default/lxc-net
diff --git a/Vagrantfile.libvirt b/Vagrantfile.libvirt
index 5a3bae4..c7ac8b9 100644
--- a/Vagrantfile.libvirt
+++ b/Vagrantfile.libvirt
@@ -1,9 +1,17 @@
$lxc_script = <<-SCRIPT
apt-get update
+
+# install util for persistent ip tables
+echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
+echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
+sudo apt-get -y install iptables-persistent
+
+# install lxc
apt-get install lxc lxc-templates wget bridge-utils jq -y
lxc-checkconfig
+# configure lxc for specific CIDR network
touch /etc/lxc/dnsmasq.conf
sed -i s/10.0.3/172.40.231/g /etc/default/lxc-net
sed -i s/#LXC_DHCP_CONFILE/LXC_DHCP_CONFILE/g /etc/default/lxc-net
diff --git a/scripts/test/fixture.sh b/scripts/test/fixture.sh
index 8796983..26a5058 100755
--- a/scripts/test/fixture.sh
+++ b/scripts/test/fixture.sh
@@ -87,14 +87,16 @@ create() {
# set forward ports
ports=$(echo $SERVICE | jq -r '.forward_ports')
- for row in $(echo "${ports}" | jq -r '.[] | @base64'); do
- _jq() {
- echo ${row} | base64 --decode | jq -r ${1}
- }
- guest_port=$(_jq '.guest')
- host_port=$(_jq '.host')
- iptables -t nat -A PREROUTING -p tcp -i enp0s3 --dport ${host_port} -j DNAT --to-destination ${ip}:${guest_port}
- done
+ if [ "$ports" != "null" ]; then
+ for row in $(echo "${ports}" | jq -r '.[] | @base64'); do
+ _jq() {
+ echo ${row} | base64 --decode | jq -r ${1}
+ }
+ guest_port=$(_jq '.guest')
+ host_port=$(_jq '.host')
+ iptables -t nat -A PREROUTING -p tcp -i enp0s3 --dport ${host_port} -j DNAT --to-destination ${ip}:${guest_port}
+ done
+ fi
fi
}
@@ -130,14 +132,17 @@ destroy() {
# remove forward ports
ports=$(echo $SERVICE | jq -r '.forward_ports')
- for row in $(echo "${ports}" | jq -r '.[] | @base64'); do
- _jq() {
- echo ${row} | base64 --decode | jq -r ${1}
- }
- guest_port=$(_jq '.guest')
- host_port=$(_jq '.host')
- iptables -t nat -D PREROUTING -p tcp -i enp0s3 --dport ${host_port} -j DNAT --to-destination ${ip}:${guest_port}
- done
+ if [ "$ports" != "null" ]; then
+ echo "destroy ports"
+ for row in $(echo "${ports}" | jq -r '.[] | @base64'); do
+ _jq() {
+ echo ${row} | base64 --decode | jq -r ${1}
+ }
+ guest_port=$(_jq '.guest')
+ host_port=$(_jq '.host')
+ iptables -t nat -D PREROUTING -p tcp -i enp0s3 --dport ${host_port} -j DNAT --to-destination ${ip}:${guest_port}
+ done
+ fi
fi
}
@@ -200,6 +205,8 @@ for service_name in $service_names; do
fi
done
+
+
echo "------>Create iptables summary"
iptables -t nat -L -n -v
-iptables-save
+iptables-save > /etc/iptables/rules.v4
--
GitLab