Closed gildub closed 8 years ago
This looks reasonable to me. As we do not have CI for this module, have you been able to do a basic sanity test? Note fir usage in tripleo-heat-templates, this may not truly be needed, as they set manage_fw to false (thanks @EmilienM for pointing that out). That said, this seems still generally useful for when we do want to have the firewall managed.
I've tested against a pacemaker deployment (3 nodes) initially with a dual ipv4/ipv6 stack. And then disabling the ipv4 (which I need for provisioning), leaving only the ipv6 stack. The cluster, configured for ipv6, works fine, the FW rules are created properly.
Using ip6tables provider