persistent ip tables

7aa44dd1 · MJB · 472d04ce · 7aa44dd1 · 7aa44dd1 · 7aa44dd1
Commit 7aa44dd1 authored 6 years ago by MJB
--- a/Vagrantfile
+++ b/Vagrantfile
 $lxc_script = <<-SCRIPT

 apt-get update
+
+# install util for persistent ip tables
+echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
+echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
+sudo apt-get -y install iptables-persistent
+
+# install lxc
 apt-get install lxc lxc-templates wget bridge-utils jq -y
 lxc-checkconfig

+# configure lxc for specific CIDR network
 touch /etc/lxc/dnsmasq.conf
 sed -i s/10.0.3/172.40.231/g /etc/default/lxc-net
 sed -i s/#LXC_DHCP_CONFILE/LXC_DHCP_CONFILE/g /etc/default/lxc-net

--- a/Vagrantfile.libvirt
+++ b/Vagrantfile.libvirt
 $lxc_script = <<-SCRIPT

 apt-get update
+
+# install util for persistent ip tables
+echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
+echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
+sudo apt-get -y install iptables-persistent
+
+# install lxc
 apt-get install lxc lxc-templates wget bridge-utils jq -y
 lxc-checkconfig

+# configure lxc for specific CIDR network
 touch /etc/lxc/dnsmasq.conf
 sed -i s/10.0.3/172.40.231/g /etc/default/lxc-net
 sed -i s/#LXC_DHCP_CONFILE/LXC_DHCP_CONFILE/g /etc/default/lxc-net

--- a/scripts/test/fixture.sh
+++ b/scripts/test/fixture.sh
@@ -87,14 +87,16 @@ create() {

        # set forward ports
        ports=$(echo $SERVICE | jq -r '.forward_ports')
-        for row in $(echo "${ports}" | jq -r '.[] | @base64'); do
-            _jq() {
-            echo ${row} | base64 --decode | jq -r ${1}
-            }
-            guest_port=$(_jq '.guest')
-            host_port=$(_jq '.host')
-            iptables -t nat -A PREROUTING -p tcp -i enp0s3 --dport ${host_port} -j DNAT --to-destination ${ip}:${guest_port}
-        done        
+        if [ "$ports" != "null" ]; then
+            for row in $(echo "${ports}" | jq -r '.[] | @base64'); do
+                _jq() {
+                echo ${row} | base64 --decode | jq -r ${1}
+                }
+                guest_port=$(_jq '.guest')
+                host_port=$(_jq '.host')
+                iptables -t nat -A PREROUTING -p tcp -i enp0s3 --dport ${host_port} -j DNAT --to-destination ${ip}:${guest_port}
+            done
+        fi        
    fi
 }

@@ -130,14 +132,17 @@ destroy() {

        # remove forward ports
        ports=$(echo $SERVICE | jq -r '.forward_ports')
-        for row in $(echo "${ports}" | jq -r '.[] | @base64'); do
-            _jq() {
-            echo ${row} | base64 --decode | jq -r ${1}
-            }
-            guest_port=$(_jq '.guest')
-            host_port=$(_jq '.host')
-            iptables -t nat -D PREROUTING -p tcp -i enp0s3 --dport ${host_port} -j DNAT --to-destination ${ip}:${guest_port}
-        done        
+        if [ "$ports" != "null" ]; then
+            echo "destroy ports"
+            for row in $(echo "${ports}" | jq -r '.[] | @base64'); do
+                _jq() {
+                echo ${row} | base64 --decode | jq -r ${1}
+                }
+                guest_port=$(_jq '.guest')
+                host_port=$(_jq '.host')
+                iptables -t nat -D PREROUTING -p tcp -i enp0s3 --dport ${host_port} -j DNAT --to-destination ${ip}:${guest_port}
+            done
+        fi        
    fi    
 }

@@ -200,6 +205,8 @@ for service_name in $service_names; do
    fi
 done

+
+
 echo "------>Create iptables summary"
 iptables -t nat -L -n -v
-iptables-save
+iptables-save > /etc/iptables/rules.v4