From faeb0b86c8075c9266d28d2dd4f4d81b32c80b39 Mon Sep 17 00:00:00 2001
From: Scott Dodson
Date: Thu, 28 May 2015 14:12:12 -0400
Subject: [PATCH] Forward packages to/from cluster_network
---
 ovssubnet/bin/openshift-sdn-kube-subnet-setup.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/ovssubnet/bin/openshift-sdn-kube-subnet-setup.sh b/ovssubnet/bin/openshift-sdn-kube-subnet-setup.sh
index d8c59128e08b..15d66fa306ef 100755
--- a/ovssubnet/bin/openshift-sdn-kube-subnet-setup.sh
+++ b/ovssubnet/bin/openshift-sdn-kube-subnet-setup.sh
@@ -38,6 +38,9 @@ iptables -D INPUT -i ${TUN} -m comment --comment "traffic from docker for intern
 lineno=$(iptables -nvL INPUT --line-numbers | grep "state RELATED,ESTABLISHED" | awk '{print $1}')
 iptables -I INPUT $lineno -p udp -m multiport --dports 4789 -m comment --comment "001 vxlan incoming" -j ACCEPT
 iptables -I INPUT $((lineno+1)) -i ${TUN} -m comment --comment "traffic from docker for internet" -j ACCEPT
+fwd_lineno=$(iptables -nvL FORWARD --line-numbers | grep "reject-with icmp-host-prohibited" tail -n 1 | awk '{print $1}')
+iptables -I FORWARD $fwd_lineno -d ${cluster_subnet} -j ACCEPT
+iptables -I FORWARD $fwd_lineno -s ${cluster_subnet} -j ACCEPT
 ## docker
 if [[ -z "${DOCKER_NETWORK_OPTIONS}" ]]
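Review bot: The added `fwd_lineno` pipeline is missing a `|` before `tail -n 1`, so grep takes `tail` and `1` as file names, never reads the iptables listing, and `fwd_lineno` comes out empty. With the unquoted empty value, both `iptables -I FORWARD` calls fall back to inserting at position 1, which puts an unconditional ACCEPT for `${cluster_subnet}` ahead of every other FORWARD rule instead of just before the last reject. The pipeline should read `grep "reject-with icmp-host-prohibited" | tail -n 1 | awk '{print $1}'`, and the two inserts are safer behind a guard such as `[[ -n "${fwd_lineno}" ]]`, since the same fallback occurs on hosts with no such reject rule. Unlike the INPUT rules above, these carry no `-m comment` tag and no matching `iptables -D`, so each run of the script would presumably add another pair.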