opendev/system-config
Code Issues Proposed changes

Add iptables rule to log dropped packets

Browse Source 
Adds a rule to the bottom of the openstack-INPUT chain to log any
packets that make it this far and are on their way to being rejected.
This may help us find out why Devstack Ironic VM nodes occasionally cannot
reach the host's TFTP server.

Change-Id: I3980284a93f50ac8db16769f6ad87382aa55e898
Related-bug: #1393099
This commit is contained in:
Adam Gandelman 2014-11-19 10:47:36 -08:00
parent 5a480a5b1e
commit 6cc7b4fd07
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
modules/openstack_project/manifests/single_use_slave.pp
View File

@ -36,6 +36,7 @@ class openstack_project::single_use_slave (
'-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT',
'-p tcp --dport 8003 -s 172.24.4.0/24 -j ACCEPT',
'-p tcp --dport 8004 -s 172.24.4.0/24 -j ACCEPT',
'-m limit --limit 2/min --log-prefix "iptables dropped: " -j LOG',
],
}
class { 'jenkins::slave':