post scripts configfirewall for ubuntu is NOT implemented.

An extreme cluster/cloud administration toolkit

Brought to you by: besawn, cxhong, gurevich, obihoernchen, victorhu

#4572 post scripts configfirewall for ubuntu is NOT implemented.

Milestone: 2.9

Status: open

Owner: leo.c.wu

Labels: firewall (1)

component: postscripts

Priority: 5

Updated: 2015-02-15

Created: 2015-02-15

Creator: leo.c.wu

Private: No

Discussion

leo.c.wu - 2015-02-15

Below is my diff, please take a look.

diff --git a/xCAT/postscripts/configfirewall b/xCAT/postscripts/configfirewall
index 4e972ca..eb2c81f 100755
--- a/xCAT/postscripts/configfirewall
+++ b/xCAT/postscripts/configfirewall
@@ -192,9 +192,39 @@ elsif (-f "/etc/SuSE-release")
#system($cmd);
xCAT::Utils->enableservice("firewall");
}
+elsif (system("grep -i ubuntu /etc/issue > /dev/null 2>&1") == 0)
+{
+ my $fwconf = "/etc/fwrules.ubuntu";
+
+ if($::opt_private && $::opt_public)
+ {
+ &setup_ip_forwarding();
+ my $cmd = &generate_iptables_conf($::opt_private, $::opt_public);
+ system($cmd);
+ }
+
+ if ($::opt_nat)
+ {
+ my $cmd = &generate_nat_conf($::opt_private, $::opt_public);
+ system($cmd);
+ }
+
+ # iptables configuration should be persistent through reboots
+ my $cmd = "iptables-save > $fwconf";
+ system($cmd);
+
+ #put the iptables to rc.local, make firewall rules can be applied when system startup
+ if (system("grep '^iptables-restore.*$fwconf' /etc/rc.local"))
+ {
+ $cmd = "sed -i '2i iptables-restore < $fwconf' /etc/rc.local ";
+ system($cmd);
+ }
+}
else
{
- #Ubuntu: FIXME
+ #if this block is hit, it should be an unknown OS.
+ print "unknow os system";
+ exit 1;
}

exit 0;

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: