#!/bin/bash
set -eu

OK=/opt/stack/boot-stack/fedora-iptables.ok

if [ -e $OK ] ; then
    exit 0
fi

DISTRO=`lsb_release -si` || true

if [[ "Fedora" = $DISTRO ]]; then

    # Check if the iptables service is active
    if systemctl is-active iptables.service ; then
        IPT_FILE=/etc/sysconfig/iptables
        if [ -f $IPT_FILE ]; then
            iptables-restore < $IPT_FILE
        fi

        # Openstack services
        iptables -I INPUT -p tcp --dport 8774 -j ACCEPT
        iptables -I INPUT -p tcp --dport 8775 -j ACCEPT
        iptables -I INPUT -p tcp --dport 9292 -j ACCEPT
        iptables -I INPUT -p tcp --dport 5000 -j ACCEPT
        iptables -I INPUT -p tcp --dport 35357 -j ACCEPT
        iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
        iptables -I INPUT -p tcp --dport 8003 -j ACCEPT
        iptables -I INPUT -p tcp --dport 8004 -j ACCEPT
        iptables -I INPUT -p tcp --dport 9696  -j ACCEPT

        # AMQP
        iptables -I INPUT -p tcp --dport 5672  -j ACCEPT

        # DHCP, TFTP
        iptables -I INPUT -m udp -p udp --dport 69 -j ACCEPT

        # ISCSI
        iptables -I INPUT -p tcp --dport 10000 -j ACCEPT

        # Forward packets to the private ctlplane network
        iptables -I FORWARD -d 192.0.2.0/24 -j ACCEPT
        # Forward packets to the hosts libvirt network
        iptables -I FORWARD -d 192.168.122.0/24 -j ACCEPT

        iptables-save > $IPT_FILE
    fi

fi

touch $OK
