From e6bc9c0e35c75cb9abcb6634160b0e246c8bd552 Mon Sep 17 00:00:00 2001
From: "Leo.C.Wu" <xwuxwu@cn.ibm.com>
Date: Sun, 15 Feb 2015 15:20:09 +0800
Subject: [PATCH] #4572, post scripts configfirewall for ubuntu is NOT
 implemented.

---
 xCAT/postscripts/configfirewall | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/xCAT/postscripts/configfirewall b/xCAT/postscripts/configfirewall
index 4e972ca6d..eb2c81fa9 100755
--- a/xCAT/postscripts/configfirewall
+++ b/xCAT/postscripts/configfirewall
@@ -192,9 +192,39 @@ elsif (-f "/etc/SuSE-release")
     #system($cmd);
     xCAT::Utils->enableservice("firewall");
 }
+elsif (system("grep -i ubuntu /etc/issue > /dev/null 2>&1") == 0)
+{
+    my $fwconf = "/etc/fwrules.ubuntu";
+
+    if($::opt_private && $::opt_public)
+    {
+        &setup_ip_forwarding();
+        my $cmd = &generate_iptables_conf($::opt_private, $::opt_public);
+        system($cmd);
+    }
+
+    if ($::opt_nat)
+    {
+        my $cmd = &generate_nat_conf($::opt_private, $::opt_public);
+        system($cmd);
+    }
+
+    # iptables configuration should be persistent through reboots
+    my $cmd = "iptables-save > $fwconf";
+    system($cmd);
+
+    #put the iptables to rc.local, make firewall rules can be applied when system startup
+    if (system("grep '^iptables-restore.*$fwconf' /etc/rc.local"))
+    {
+        $cmd = "sed -i '2i iptables-restore < $fwconf' /etc/rc.local ";
+        system($cmd);
+    }
+}
 else
 {
-    #Ubuntu: FIXME
+    #if this block is hit, it should be an unknown OS.
+    print "unknow os system";
+    exit 1;
 }
 
 exit 0;