From 74ca7978a4631f9df2e8cf31b7a0779adce6ffdc Mon Sep 17 00:00:00 2001
From: Adam Miller
Date: Tue, 8 Nov 2016 15:07:52 +0000
Subject: [PATCH] switch iptables for osbs cluster docker bridge interface lbr0
Signed-off-by: Adam Miller
---
 files/osbs/fix-docker-iptables.production | 50 +++++++++++------------
 files/osbs/fix-docker-iptables.staging | 50 +++++++++++------------
 2 files changed, 50 insertions(+), 50 deletions(-)
diff --git a/files/osbs/fix-docker-iptables.production b/files/osbs/fix-docker-iptables.production
index fc84186597..2cf958b7fe 100644
--- a/files/osbs/fix-docker-iptables.production
+++ b/files/osbs/fix-docker-iptables.production
@@ -8,47 +8,47 @@ iptables --flush FORWARD
 # Re-insert some basic rules
-iptables -A FORWARD -o docker0 -j DOCKER
-iptables -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-iptables -A FORWARD -i docker0 -o docker0 -j ACCEPT
+iptables -A FORWARD -o lbr0 -j DOCKER
+iptables -A FORWARD -o lbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i lbr0 -o lbr0 -j ACCEPT
 # Now insert access to allowed boxes
 # docker-registry
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.125.56 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.125.56 --dport 443 -j ACCEPT
 #koji.fp.o
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.125.61 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.125.61 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.125.61 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.125.61 --dport 443 -j ACCEPT
 # pkgs
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.125.44 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.125.44 --dport 443 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.125.44 --dport 9418 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.125.44 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.125.44 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.125.44 --dport 9418 -j ACCEPT
 # DNS
-iptables -A FORWARD -i docker0 -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
-iptables -A FORWARD -i docker0 -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
 # mirrors.fp.o
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT
 # dl.phx2
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.94 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.94 --dport 443 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.95 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.95 --dport 443 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.96 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.96 --dport 443 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.97 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.94 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.94 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.95 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.95 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.96 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.96 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.97 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT
 # Docker is CRAZY and forces Google DNS upon us.....
-iptables -A FORWARD -i docker0 -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
-iptables -A FORWARD -i docker0 -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT
 iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
diff --git a/files/osbs/fix-docker-iptables.staging b/files/osbs/fix-docker-iptables.staging
index c204f7423e..8fe05b9a71 100644
--- a/files/osbs/fix-docker-iptables.staging
+++ b/files/osbs/fix-docker-iptables.staging
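Review bot: The bridge name `lbr0` is now hard-coded in 25 rules in this hunk and repeated verbatim in the staging hunk, so the next interface change is again a 100-line edit across two files that must be kept in lock-step by hand; defining it once near the top, `bridge=lbr0`, and writing each rule as `iptables -A FORWARD -i "$bridge" ...` keeps the allowlist readable and the two environments in sync. Dropping every docker0 rule also means anything still attached to docker0 now falls through to the final `REJECT` — fail-closed, which is the right default, but presumably it relies on docker on these hosts actually being bridged onto lbr0, so that should be confirmed before rollout or builds will silently lose DNS and registry access. The `iptables --flush FORWARD` in the hunk header and the rest of the script are outside this hunk.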
@@ -8,47 +8,47 @@ iptables --flush FORWARD
 # Re-insert some basic rules
-iptables -A FORWARD -o docker0 -j DOCKER
-iptables -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-iptables -A FORWARD -i docker0 -o docker0 -j ACCEPT
+iptables -A FORWARD -o lbr0 -j DOCKER
+iptables -A FORWARD -o lbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i lbr0 -o lbr0 -j ACCEPT
 # Now insert access to allowed boxes
 # docker-registry
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.217 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.217 --dport 443 -j ACCEPT
 #koji.fp.o
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.87 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.87 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.87 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.87 --dport 443 -j ACCEPT
 # pkgs.stg
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.83 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.83 --dport 443 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.83 --dport 9418 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.83 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.83 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.83 --dport 9418 -j ACCEPT
 # DNS
-iptables -A FORWARD -i docker0 -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
-iptables -A FORWARD -i docker0 -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
 # mirrors.fp.o
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.52 --dport 443 -j ACCEPT
 # dl.phx2
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.94 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.94 --dport 443 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.95 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.95 --dport 443 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.96 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.96 --dport 443 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.97 --dport 80 -j ACCEPT
-iptables -A FORWARD -i docker0 -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.93 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.93 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.94 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.94 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.95 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.95 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.96 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.96 --dport 443 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.97 --dport 80 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p tcp -m tcp -d 10.5.126.97 --dport 443 -j ACCEPT
 # Docker is CRAZY and forces Google DNS upon us.....
-iptables -A FORWARD -i docker0 -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
-iptables -A FORWARD -i docker0 -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
+iptables -A FORWARD -i lbr0 -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT
 iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited