From 10b4205417e21a9aa9984d3b2d38a17cfded4738 Mon Sep 17 00:00:00 2001
From: portdirect
Date: Wed, 27 Dec 2017 15:46:10 -0500
Subject: [PATCH] Dev-Deploy: Setup iptables for use with docker >= 1.13.1 With Docker >= 1.13.1 the default the default FORWARD chain policy is configured to DROP, for the l3 agent to function as expected and VMs reach the outside world correctly this needs to be set to ACCEPT.
Change-Id: I6bea3304f5eb4ab6b37283e94e20cda7e4119a44
---
 tools/deployment/developer/16-setup-gateway.sh | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tools/deployment/developer/16-setup-gateway.sh b/tools/deployment/developer/16-setup-gateway.sh
index 2b28486135..3bc56f8536 100755
--- a/tools/deployment/developer/16-setup-gateway.sh
+++ b/tools/deployment/developer/16-setup-gateway.sh
@@ -21,6 +21,11 @@ OSH_EXT_SUBNET="172.24.4.0/24"
 sudo ip addr add ${OSH_BR_EX_ADDR} dev br-ex
 sudo ip link set br-ex up
+# NOTE(portdirect): With Docker >= 1.13.1 the default the default FORWARD chain
+# policy is configured to DROP, for the l3 agent to function as expected and
+# VMs reach the outside world correctly this needs to be set to ACCEPT.
+sudo iptables -P FORWARD ACCEPT
+
 # Setup masquerading on default route dev to public subnet
 DEFAULT_ROUTE_DEV="$(sudo ip -4 route list 0/0 | awk '{ print $5; exit }')"
 sudo iptables -t nat -A POSTROUTING -o ${DEFAULT_ROUTE_DEV} -s ${OSH_EXT_SUBNET} -j MASQUERADE
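Review bot: The added `sudo iptables -P FORWARD ACCEPT` flips the default policy for the whole FORWARD chain, so the host will route between every interface and container network, not only the br-ex / `${OSH_EXT_SUBNET}` path this script sets up. If the l3 agent only needs the external subnet forwarded, scoped rules would keep Docker's default-deny for everything else: `sudo iptables -I FORWARD -s ${OSH_EXT_SUBNET} -j ACCEPT` and `sudo iptables -I FORWARD -d ${OSH_EXT_SUBNET} -j ACCEPT`; whether that is sufficient for the VM traffic should be confirmed on a test deployment. The policy change is also not persisted, and it may be reset when the Docker daemon restarts, so the NOTE comment should say that this is a developer-only setting and that the script has to be re-run after a restart. The script continues outside this hunk, so any earlier firewall setup is not visible here.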