From 92e0239c166f7c84f61523160d473025cbae8a31 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Tue, 24 Jun 2014 18:09:58 +0000
Subject: [PATCH] On new rhel7 virthosts allow forwarding.

---
 inventory/group_vars/bvirthost | 2 ++
 inventory/group_vars/virthost | 2 ++
 roles/base/templates/iptables/iptables | 4 ++++
 3 files changed, 8 insertions(+)
 create mode 100644 inventory/group_vars/bvirthost
 create mode 100644 inventory/group_vars/virthost

diff --git a/inventory/group_vars/bvirthost b/inventory/group_vars/bvirthost
new file mode 100644
index 0000000000..d7aff060d9
--- /dev/null
+++ b/inventory/group_vars/bvirthost
@@ -0,0 +1,2 @@
+---
+virthost: true
diff --git a/inventory/group_vars/virthost b/inventory/group_vars/virthost
new file mode 100644
index 0000000000..d7aff060d9
--- /dev/null
+++ b/inventory/group_vars/virthost
@@ -0,0 +1,2 @@
+---
+virthost: true
diff --git a/roles/base/templates/iptables/iptables b/roles/base/templates/iptables/iptables
index 8ad12f42cc..97160bdbce 100644
--- a/roles/base/templates/iptables/iptables
+++ b/roles/base/templates/iptables/iptables
@@ -54,5 +54,9 @@
 
 # otherwise kick everything out
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
+{% if virthost is defined %}
+-A FORWARD -j ACCEPT
+{% else %}
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
+{% endif %}
 COMMIT
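Review bot: The new `-A FORWARD -j ACCEPT` in roles/base/templates/iptables/iptables accepts every forwarded packet on any host where `virthost` is set, so the FORWARD chain loses the default-reject posture the rest of this template keeps and the host filters nothing between guests or between the networks it routes. If the intent is only to pass bridged guest traffic, a scoped rule ahead of the existing reject keeps the default deny, for example `-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT` followed by `-A FORWARD -j REJECT --reject-with icmp-host-prohibited`; whether the guests are bridged is not visible here, so confirm that against the virthost network setup. The guard `{% if virthost is defined %}` also tests only that the variable exists, so a later `virthost: false` override would still open forwarding; `{% if virthost | default(false) %}` follows the value set in the two new group_vars files. The earlier part of the filter table lies outside the hunk, so any FORWARD rules above line 54 are not accounted for here.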