persistent ip tables

7aa44dd1 · MJB · 472d04ce · 7aa44dd1 · 7aa44dd1 · 7aa44dd1
Commit 7aa44dd1 authored 6 years ago by MJB
--- a/Vagrantfile
+++ b/Vagrantfile
 $lxc_script = <<-SCRIPT
 apt-get update
+# install util for persistent ip tables
+echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
+echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
+sudo apt-get -y install iptables-persistent
+# install lxc
 apt-get install lxc lxc-templates wget bridge-utils jq -y
 lxc-checkconfig
+# configure lxc for specific CIDR network
 touch /etc/lxc/dnsmasq.conf
 sed -i s/10.0.3/172.40.231/g /etc/default/lxc-net
 sed -i s/#LXC_DHCP_CONFILE/LXC_DHCP_CONFILE/g /etc/default/lxc-net

--- a/Vagrantfile.libvirt
+++ b/Vagrantfile.libvirt
 $lxc_script = <<-SCRIPT
 apt-get update
+# install util for persistent ip tables
+echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
+echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
+sudo apt-get -y install iptables-persistent
+# install lxc
 apt-get install lxc lxc-templates wget bridge-utils jq -y
 lxc-checkconfig
+# configure lxc for specific CIDR network
 touch /etc/lxc/dnsmasq.conf
 sed -i s/10.0.3/172.40.231/g /etc/default/lxc-net
 sed -i s/#LXC_DHCP_CONFILE/LXC_DHCP_CONFILE/g /etc/default/lxc-net

--- a/scripts/test/fixture.sh
+++ b/scripts/test/fixture.sh
@@ -87,14 +87,16 @@ create() {
        # set forward ports
        ports=$(echo $SERVICE | jq -r '.forward_ports')
-        for row in $(echo "${ports}" | jq -r '.[] | @base64'); do
+        if [ "$ports" != "null" ]; then
-            _jq() {
+            for row in $(echo "${ports}" | jq -r '.[] | @base64'); do
-            echo ${row} | base64 --decode | jq -r ${1}
+                _jq() {
-            }
+                echo ${row} | base64 --decode | jq -r ${1}
-            guest_port=$(_jq '.guest')
+                }
-            host_port=$(_jq '.host')
+                guest_port=$(_jq '.guest')
-            iptables -t nat -A PREROUTING -p tcp -i enp0s3 --dport ${host_port} -j DNAT --to-destination ${ip}:${guest_port}
+                host_port=$(_jq '.host')
-        done        
+                iptables -t nat -A PREROUTING -p tcp -i enp0s3 --dport ${host_port} -j DNAT --to-destination ${ip}:${guest_port}
+            done
+        fi        
    fi
 }
@@ -130,14 +132,17 @@ destroy() {
        # remove forward ports
        ports=$(echo $SERVICE | jq -r '.forward_ports')
-        for row in $(echo "${ports}" | jq -r '.[] | @base64'); do
+        if [ "$ports" != "null" ]; then
-            _jq() {
+            echo "destroy ports"
-            echo ${row} | base64 --decode | jq -r ${1}
+            for row in $(echo "${ports}" | jq -r '.[] | @base64'); do
-            }
+                _jq() {
-            guest_port=$(_jq '.guest')
+                echo ${row} | base64 --decode | jq -r ${1}
-            host_port=$(_jq '.host')
+                }
-            iptables -t nat -D PREROUTING -p tcp -i enp0s3 --dport ${host_port} -j DNAT --to-destination ${ip}:${guest_port}
+                guest_port=$(_jq '.guest')
-        done        
+                host_port=$(_jq '.host')
+                iptables -t nat -D PREROUTING -p tcp -i enp0s3 --dport ${host_port} -j DNAT --to-destination ${ip}:${guest_port}
+            done
+        fi        
    fi    
 }
@@ -200,6 +205,8 @@ for service_name in $service_names; do
    fi
 done
 echo "------>Create iptables summary"
 iptables -t nat -L -n -v
-iptables-save
+iptables-save > /etc/iptables/rules.v4