Add sample rules in ifup-extra

Here we allows outgoing traffic with destination port 25.

Please note that every rule that is added when the corresponding
tag is found it should always be removed at the beginning of the
script. With other words you should remove stale entries before
adding new.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

diff --git a/ifup-extra b/ifup-extra
old mode 100644 (file)
new mode 100755 (executable)
index 7aa3e3e..c2e121c
--- a/ifup-extra
+++ b/ifup-extra
@@ -6,6 +6,16 @@ source /usr/lib/snf-network/common.sh
 # Useful environment vars
 # INTERFACE, INSTANCE, IP, NETWORK_TAGS, MODE, TABLE
 
+function reset_extra (){
+
+  iptables -D FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT
+  ip6tables -D FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT
+
+}
+
+# Reset rules that might have been applied by a previous ifup-extra
+try reset_extra
+
 ifprefixindex="synnefo:network:$INTERFACE_INDEX:"
 ifprefixname="synnefo:network:$INTERFACE_NAME:"
 ifprefixuuid="synnefo:network:$INTERFACE_UUID:"
@@ -16,6 +26,8 @@ for tag in $TAGS; do
   case $tag in
     mail)
     # Here add iptalbes rule..
+    iptables -I FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT
+    ip6tables -I FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT
   ;;
   esac
 done