Commit d56d3482 authored by Emanuel Calvo's avatar Emanuel Calvo

Conntrack module rule addition at iptables

- conntrack module allows sharing services within iptables. Needs more
  investigation, probably related to versioning.
- Added cleanup for fcbr0 interface
parent 09859d21
......@@ -10,3 +10,4 @@ sudo ip link set dev $FIRECRACKER_BRIDGE up
sudo sysctl -w net.ipv4.ip_forward=1 > /dev/null
sudo iptables --table nat --append POSTROUTING --out-interface $EGRESS_IFACE -j MASQUERADE
sudo iptables --insert FORWARD --in-interface $FIRECRACKER_BRIDGE -j ACCEPT
sudo iptables -A FORWARD -m conntrack -o $FIRECRACKER_BRIDGE --ctstate RELATED,ESTABLISHED -j ACCEPT
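Review bot: the new FORWARD rule is appended with `-A` while the companion rule two lines above is inserted with `--insert`, so on a host that already has a terminating rule at the end of FORWARD (a REJECT or DROP added by another tool) the RELATED,ESTABLISHED accept can land after it and never match, which would explain return traffic to the bridge being dropped. Use the same placement for both rules (`sudo iptables -I FORWARD -m conntrack -o $FIRECRACKER_BRIDGE --ctstate RELATED,ESTABLISHED -j ACCEPT`), and guard each add with `iptables -C ... || iptables -I ...` so re-running the script does not stack duplicate rules that a single `-D` in the cleanup script will not fully remove.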
......@@ -15,8 +15,12 @@ do
done
sudo ip link delete $FIRECRACKER_BRIDGE
sudo iptables -D FORWARD -m conntrack -o $FIRECRACKER_BRIDGE --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -D FORWARD --in-interface $FIRECRACKER_BRIDGE -j ACCEPT
rm -rf disks
rm -rf images
rm -rf keypairs
rm -rf drives
[ -f ansible/inventories/eks/hosts.yaml ] && rm ansible/inventories/eks/hosts.yaml
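Review bot: the two `iptables -D` calls fail with a non-zero status whenever the rule is absent (cleanup after a partially run setup, or a second cleanup), and they remove only one copy each if setup was run more than once; wrap them as `while sudo iptables -C FORWARD -m conntrack -o $FIRECRACKER_BRIDGE --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null; do sudo iptables -D FORWARD ...; done` (same for the `--in-interface` rule) so cleanup is idempotent. The MASQUERADE rule that setup adds to the nat POSTROUTING chain is not deleted in this hunk; if it is not removed elsewhere in the script, add the matching `sudo iptables -t nat -D POSTROUTING --out-interface $EGRESS_IFACE -j MASQUERADE` here, and note the `-D` lines must keep the exact same option spelling as the `-A`/`--insert` lines in the setup script or they will not match.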