authorJhon Honce <jhonce@redhat.com>2015-03-19 15:06:38 -0700
committerJhon Honce <jhonce@redhat.com>2015-03-24 11:23:25 -0700
commit85e6948fca954d3c066bf5a6123ada6b96adf45c (patch)
treed7e49583abbc58b779239857ee401725fb6ce73d /roles/os_firewall
parent011ff923489fd1dd5fa072a685ce881ab69b8f1c (diff)
downloadopenshift-85e6948fca954d3c066bf5a6123ada6b96adf45c.tar.gz
openshift-85e6948fca954d3c066bf5a6123ada6b96adf45c.tar.bz2
openshift-85e6948fca954d3c066bf5a6123ada6b96adf45c.tar.xz
openshift-85e6948fca954d3c066bf5a6123ada6b96adf45c.zip
* Add DOCKER chain to iptables
Diffstat (limited to 'roles/os_firewall')
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml14
1 files changed, 14 insertions, 0 deletions
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 87e77c083..3d46d6e2d 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -41,6 +41,20 @@
changed_when: "'firewalld' in result.stdout"
when: pkg_check.rc == 0
+- name: Check for DOCKER chain
+ shell: iptables -L |grep '^Chain DOCKER'
+ ignore_errors: yes
+ register: check_for_chain
+
+- name: Create DOCKER chain
+ command: iptables -N DOCKER
+ register: create_chain
+ when: check_for_chain.rc != 0
+
+- name: Persist DOCKER chain
+ command: service iptables save
+ when: create_chain.rc == 0
+
- name: Add iptables allow rules
os_firewall_manage_iptables:
name: "{{ item.service }}"
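Review bot: The guard `when: create_chain.rc == 0` on "Persist DOCKER chain" reads a field that a skipped task most likely does not register, so on hosts where the chain already exists and "Create DOCKER chain" is skipped, the conditional may error on an undefined `rc` instead of skipping. Reusing `when: check_for_chain.rc != 0` would key on a result that is always registered. In "Check for DOCKER chain", the pipeline's status is grep's, so an `iptables -L` failure looks the same as "chain absent" and leads straight to the create step, while `ignore_errors: yes` shows a failure on every host lacking the chain. `command: iptables -n -L DOCKER` with `failed_when: false` and `changed_when: false` would query the chain directly, without the pipe or reverse lookups. Separately, `service iptables save` writes out the whole running ruleset, so any transient rules live at that moment are persisted with the new chain; a short comment above that task saying so would help whoever audits the saved rules later.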