github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #27102 from freehan/gciping 

Automatic merge from submit-queue

Accept ICMP in INPUT/FORWARD chain of filter table on GCI

fixes: #27059
pull/6/head
k8s-merge-robot 2016-06-09 19:54:27 -07:00 committed by GitHub
parent 6a388d4a0d 7b9435898d
commit 64b4967774
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cluster/gce/gci/configure-helper.sh
View File

@ -24,16 +24,18 @@ set -o pipefail
function config-ip-firewall { function config-ip-firewall {
echo "Configuring IP firewall rules" echo "Configuring IP firewall rules"
# The GCI image has host firewall which drop most inbound/forwarded packets. # The GCI image has host firewall which drop most inbound/forwarded packets.
# We need to add rules to accept all TCP/UDP packets. # We need to add rules to accept all TCP/UDP/ICMP packets.
if iptables -L INPUT | grep "Chain INPUT (policy DROP)" > /dev/null; then if iptables -L INPUT | grep "Chain INPUT (policy DROP)" > /dev/null; then
echo "Add rules to accept all inbound TCP/UDP packets" echo "Add rules to accept all inbound TCP/UDP/ICMP packets"
iptables -A INPUT -w -p TCP -j ACCEPT iptables -A INPUT -w -p TCP -j ACCEPT
iptables -A INPUT -w -p UDP -j ACCEPT iptables -A INPUT -w -p UDP -j ACCEPT
iptables -A INPUT -w -p ICMP -j ACCEPT
fi fi
if iptables -L FORWARD | grep "Chain FORWARD (policy DROP)" > /dev/null; then if iptables -L FORWARD | grep "Chain FORWARD (policy DROP)" > /dev/null; then
echo "Add rules to accept all forwarded TCP/UDP packets" echo "Add rules to accept all forwarded TCP/UDP/ICMP packets"
iptables -A FORWARD -w -p TCP -j ACCEPT iptables -A FORWARD -w -p TCP -j ACCEPT
iptables -A FORWARD -w -p UDP -j ACCEPT iptables -A FORWARD -w -p UDP -j ACCEPT
iptables -A FORWARD -w -p ICMP -j ACCEPT
fi fi
} }