Checksum all traffic traveling though the bridges

In some cases when running an AIO a user may want to run test workloads from within a VM though some of those workloads may fail due to networking problems caused by invalid checksums. This change simply changes the checksum rules from only port 22 to all ports on a provided interface. Closes-Bug: #1619730 Change-Id: I04479ff4fc58c51f369876ba5254bdab7b75fc03 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
openstack · Sep 29, 2016 · 0aa1ce6 · 0aa1ce6
1 parent ee40a8a
commit 0aa1ce6
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/tests/roles/bootstrap-host/defaults/main.yml b/tests/roles/bootstrap-host/defaults/main.yml
@@ -125,8 +125,8 @@ bridge_vlan_state_change_scripts: |
   post-down ip link del br-vlan-veth || true
 bridge_iptables_rules: |
   # To ensure ssh checksum is correct
-  up /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
-  down /sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
+  up /sbin/iptables -A POSTROUTING -t mangle -p tcp -o {{ public_interface }} -j CHECKSUM --checksum-fill
+  down /sbin/iptables -D POSTROUTING -t mangle -p tcp -o {{ public_interface }} -j CHECKSUM --checksum-fill
   # To provide internet connectivity to instances
   up /sbin/iptables -t nat -A POSTROUTING -o {{ public_interface }} -j MASQUERADE
   down /sbin/iptables -t nat -D POSTROUTING -o {{ public_interface }} -j MASQUERADE