From c780a7c5f76c7353f94c25aacfcf34081d3506cf Mon Sep 17 00:00:00 2001
From: Dimitris Aragiorgis
Date: Wed, 26 Feb 2014 15:08:30 +0200
Subject: [PATCH] Add sample rules in ifup-extra

Here we allows outgoing traffic with destination port 25. Please note that every rule that is added when the corresponding tag is found it should always be removed at the beginning of the script. With other words you should remove stale entries before adding new.

Signed-off-by: Dimitris Aragiorgis
---
 ifup-extra | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 mode change 100644 => 100755 ifup-extra

diff --git a/ifup-extra b/ifup-extra
old mode 100644
new mode 100755
index 7aa3e3e..c2e121c
--- a/ifup-extra
+++ b/ifup-extra
@@ -6,6 +6,16 @@ source /usr/lib/snf-network/common.sh
 # Useful environment vars
 # INTERFACE, INSTANCE, IP, NETWORK_TAGS, MODE, TABLE
+function reset_extra (){
+
+ iptables -D FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT
+ ip6tables -D FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT
+
+}
+
+# Reset rules that might have been applied by a previous ifup-extra
+try reset_extra
+
 ifprefixindex="synnefo:network:$INTERFACE_INDEX:"
 ifprefixname="synnefo:network:$INTERFACE_NAME:"
 ifprefixuuid="synnefo:network:$INTERFACE_UUID:"
@@ -16,6 +26,8 @@ for tag in $TAGS; do
 case $tag in
 mail)
 # Here add iptalbes rule..
+ iptables -I FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT
+ ip6tables -I FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT
 ;;
 esac
 done
--
1.7.10.4
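Review bot: `reset_extra` removes at most one copy of each rule, because `iptables -D` with a rule specification deletes only the first match; if the rule was ever inserted more than once for this interface, a stale ACCEPT for port 25 stays in FORWARD after the `mail` tag is gone. Deleting until the command fails would clear every copy, e.g. `while iptables -D FORWARD -i "$INTERFACE" -p tcp --dport 25 -j ACCEPT 2>/dev/null; do :; done`, and the same for the `ip6tables` line. `$INTERFACE` is unquoted in both calls. How `try` treats the non-zero status when no rule exists is defined in common.sh, outside this hunk.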
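Review bot: Both added rules use `-I FORWARD` with no rule number, so the ACCEPT lands at position 1 of the chain, ahead of any existing FORWARD rules (source-address or state checks, if the host has any), and it matches on interface and destination port only. Restricting the IPv4 rule to the instance address, `iptables -I FORWARD -i "$INTERFACE" -s "$IP" -p tcp --dport 25 -j ACCEPT`, would stop a tagged instance from sending SMTP under other source addresses; `IP` is listed among the available variables in the file's header comment, but an IPv6 equivalent is not visible here. The `-D` lines in `reset_extra` would need the identical specification, otherwise the reset no longer matches what was inserted. The `for` loop over `$TAGS` starts outside the hunk.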