roles/nuage_node/tasks/iptables.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

---
- name: IPtables | Get iptables rules
  command: iptables -L --wait
  register: iptablesrules
  check_mode: no

- name: Allow traffic from overlay to underlay
  command: /sbin/iptables --wait -I FORWARD 1 -s {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-overlay-underlay"
  when: "'nuage-overlay-underlay' not in iptablesrules.stdout"
  notify:
    - save iptable rules

- name: Allow traffic from underlay to overlay
  command: /sbin/iptables --wait -I FORWARD 1 -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-underlay-overlay"
  when: "'nuage-underlay-overlay' not in iptablesrules.stdout"
  notify:
    - save iptable rules

- name: Allow docker daemon traffic from underlay to overlay
  command: /sbin/iptables -t nat -A POSTROUTING ! -s {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -o svc-pat-tap -j MASQUERADE -m comment --comment "nuage-docker-underlay-overlay"
  when: "'nuage-docker-underlay-overlay' not in iptablesrules.stdout"
  notify:
    - save iptable rules