Add with-lan-access.yml deployment ops example

2017-07-20 22:10:26 -07:00 · 2017-07-20 22:10:26 -07:00 · 84ca960de0
parent eb8ba81cd8
commit 84ca960de0
1 changed files with 22 additions and 0 deletions
--- a/deployment/with-lan-access.yml
+++ b/deployment/with-lan-access.yml
@ -0,0 +1,22 @@
+- path: /releases/name=networking?
+  type: replace
+  value:
+    name: networking
+    version: 9
+    url: http://bosh.io/d/github.com/cloudfoundry/networking-release?v=9
+    sha1: 9b5f9d27917c3754e492470ac6c9af80d62963db
+- path: /instance_groups/name=openvpn/jobs/name=iptables?
+  type: replace
+  value:
+    name: iptables
+    release: networking
+    properties:
+      iptables:
+        filter:
+          FORWARD:
+          - -s ((vpn_network))/((vpn_network_mask_bits)) -d ((lan_network))/((lan_network_mask_bits)) -m conntrack --ctstate NEW -j ACCEPT -m comment --comment 'vpn -> lan'
+          - -s ((lan_network))/((lan_network_mask_bits)) -d ((vpn_network))/((vpn_network_mask_bits)) -m conntrack --ctstate NEW -j ACCEPT -m comment --comment 'lan -> vpn'
+          - -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+- path: /instance_groups/name=openvpn/jobs/name=openvpn/properties/push_routes?/-
+  type: replace
+  value: ((lan_network)) ((lan_network_mask))