Gitiles
Code Review Sign In
gerrit.opencord.org / platform-install / 82a6b78b4dcfd0fd184917a4b26c1c6ed5902ec8 / . / files / etc / libvirt / hooks / qemu
blob: 1c947f96d82557e61e950affb2729913c2dc7146 [file] [log] [blame]
Andy Bavier8d51c6c2015-04-01 11:40:22 -0400[diff] [blame]1#!/bin/sh
2
3SHELL="/bin/bash"
4
Andy Baviercc27db02015-10-05 15:02:47 -0400[diff] [blame]5NIC=$( route|grep default|awk '{print $NF}' )
Andy Bavier8cd2b782016-02-15 10:46:09 -0500[diff] [blame]6PORTAL=$( dig +short portal.opencloud.us | tail -1 )
Andy Bavier8d51c6c2015-04-01 11:40:22 -0400[diff] [blame]7
8NAME="${1}"
9OP="${2}"
10SUBOP="${3}"
11ARGS="${4}"
12
13add_rule() {
Andy Baviercc27db02015-10-05 15:02:47 -0400[diff] [blame]14 CHAIN=$1
15 ARGS=$2
16 iptables -C $CHAIN $ARGS
Andy Bavier8d51c6c2015-04-01 11:40:22 -0400[diff] [blame]17 if [ "$?" -ne 0 ]
18 then
Andy Baviercc27db02015-10-05 15:02:47 -0400[diff] [blame]19 iptables -I $CHAIN 1 $ARGS
Andy Bavier8d51c6c2015-04-01 11:40:22 -0400[diff] [blame]20 fi
21}
22
23add_local_access_rules() {
24 SUBNET=$( ip addr show $NIC|grep "inet "|awk '{print $2}' )
Andy Baviercc27db02015-10-05 15:02:47 -0400[diff] [blame]25 PRIVATENET=$( ip addr show virbr0|grep "inet "|awk '{print $2}' )
26 add_rule "FORWARD" "-s $SUBNET -j ACCEPT"
27 # Don't NAT traffic from service VMs destined to the local subnet
28 add_rule "POSTROUTING" "-t nat -s $PRIVATENET -d $SUBNET -j RETURN"
Andy Bavier8d51c6c2015-04-01 11:40:22 -0400[diff] [blame]29}
30
31add_portal_access_rules() {
Andy Baviercc27db02015-10-05 15:02:47 -0400[diff] [blame]32 add_rule "FORWARD" "-s $PORTAL -j ACCEPT"
Andy Bavier8d51c6c2015-04-01 11:40:22 -0400[diff] [blame]33}
34
35add_web_access_rules() {
Andy Baviercc27db02015-10-05 15:02:47 -0400[diff] [blame]36 add_rule "FORWARD" "-p tcp --dport 80 -j ACCEPT"
Andy Bavier8d51c6c2015-04-01 11:40:22 -0400[diff] [blame]37}
38
39if [ "$OP" = "start" ]
40then
41 add_local_access_rules
42 add_portal_access_rules
43 add_web_access_rules
Andy Baviercc27db02015-10-05 15:02:47 -0400[diff] [blame]44fi