Skip to content

Commit 1dabe60

Browse files
enrico-usaienrico-usai
authored
Merge branch 'develop' into develop
2 parents f4267f4 + 9a3d069 commit 1dabe60

File tree

2 files changed

+35
-11
lines changed

2 files changed

+35
-11
lines changed

cookbooks/aws-parallelcluster-config/recipes/imds.rb

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -57,12 +57,21 @@
5757
command "mkdir -p $(dirname #{iptables_rules_file}) && iptables-save > #{iptables_rules_file}"
5858
end
5959

60+
ip6tables_rules_file = '/etc/parallelcluster/sysconfig/ip6tables.rules'
61+
62+
execute "Save ip6tables rules" do
63+
command "mkdir -p $(dirname #{ip6tables_rules_file}) && ip6tables-save > #{ip6tables_rules_file}"
64+
end
65+
6066
template '/etc/init.d/parallelcluster-iptables' do
6167
source 'imds/parallelcluster-iptables.erb'
6268
user 'root'
6369
group 'root'
6470
mode '0744'
65-
variables(iptables_rules_file: iptables_rules_file)
71+
variables(
72+
iptables_rules_file: iptables_rules_file,
73+
ip6tables_rules_file: ip6tables_rules_file
74+
)
6675
end
6776

6877
service "parallelcluster-iptables" do

cookbooks/aws-parallelcluster-config/templates/default/imds/parallelcluster-iptables.erb

Lines changed: 25 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
# parallelcluster-iptables
44
#
55
# chkconfig: 12345 99 99
6-
# description: Backup and restore iptables rules
6+
# description: Backup and restore iptables rules (both for IPv4 and IPv6)
77

88
### BEGIN INIT INFO
99
# Provides: $parallelcluster-iptables
@@ -16,21 +16,36 @@
1616
### END INIT INFO
1717

1818
IPTABLES_RULES_FILE="<%= @iptables_rules_file %>"
19+
IP6TABLES_RULES_FILE="<%= @ip6tables_rules_file %>"
1920

20-
function start() {
21-
if [[ -f $IPTABLES_RULES_FILE ]]; then
22-
iptables-restore < $IPTABLES_RULES_FILE
23-
echo "iptables rules restored from file: $IPTABLES_RULES_FILE"
21+
function save_tables() {
22+
local iptables_command=$1
23+
local iptables_file=$2
24+
echo "saving iptables rules to file: $iptables_file"
25+
mkdir -p $(dirname $iptables_file)
26+
$iptables_command > $iptables_file
27+
echo "iptables rules saved to file: $iptables_file"
28+
}
29+
30+
function restore_tables() {
31+
local iptables_command=$1
32+
local iptables_file=$2
33+
if [[ -f $iptables_file ]]; then
34+
$iptables_command < $iptables_file
35+
echo "iptables rules restored from file: $iptables_file"
2436
else
25-
echo "iptables rules left unchanged as file was not found: $IPTABLES_RULES_FILE"
37+
echo "iptables rules left unchanged as file was not found: $iptables_file"
2638
fi
2739
}
2840

41+
function start() {
42+
restore_tables iptables-restore $IPTABLES_RULES_FILE
43+
restore_tables ip6tables-restore $IP6TABLES_RULES_FILE
44+
}
45+
2946
function stop() {
30-
echo "saving iptables rules to file: $IPTABLES_RULES_FILE"
31-
mkdir -p $(dirname $IPTABLES_RULES_FILE)
32-
iptables-save > $IPTABLES_RULES_FILE
33-
echo "iptables rules saved to file: $IPTABLES_RULES_FILE"
47+
save_tables iptables-save $IPTABLES_RULES_FILE
48+
save_tables ip6tables-save $IP6TABLES_RULES_FILE
3449
}
3550

3651
case "$1" in

0 commit comments

Comments
 (0)