You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by da...@apache.org on 2022/09/29 15:02:35 UTC

[cloudstack] branch main updated: vr: fix packet interface mismatch (#6656)

This is an automated email from the ASF dual-hosted git repository.

dahn pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/main by this push:
     new 67024b036a vr: fix packet interface mismatch (#6656)
67024b036a is described below

commit 67024b036a0640ee1ee9aa79d0496ce6606aa58c
Author: Abhishek Kumar <ab...@gmail.com>
AuthorDate: Thu Sep 29 20:32:28 2022 +0530

    vr: fix packet interface mismatch (#6656)
    
    Signed-off-by: Abhishek Kumar <ab...@gmail.com>
    Co-authored-by: Daan Hoogland <da...@onecht.net>
---
 systemvm/debian/opt/cloud/bin/configure.py    | 7 +++++--
 systemvm/debian/opt/cloud/bin/cs/CsAddress.py | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/systemvm/debian/opt/cloud/bin/configure.py b/systemvm/debian/opt/cloud/bin/configure.py
index 67e575bfb7..2d873f8c97 100755
--- a/systemvm/debian/opt/cloud/bin/configure.py
+++ b/systemvm/debian/opt/cloud/bin/configure.py
@@ -181,19 +181,22 @@ class CsAcl(CsDataBag):
 
             if self.direction == 'ingress':
                 for cidr in self.rule['cidr']:
+                    action = self.rule['action']
+                    if action == "ACCEPT":
+                        action = "RETURN"
                     if rule['protocol'] == "icmp":
                         self.fw.append(["mangle", "front",
                                         " -A FIREWALL_%s" % self.ip +
                                         " -s %s " % cidr +
                                         " -p %s " % rule['protocol'] +
-                                        " --icmp-type %s -j %s" % (icmp_type, self.rule['action'])])
+                                        " --icmp-type %s -j %s" % (icmp_type, action)])
                     else:
                         self.fw.append(["mangle", "front",
                                         " -A FIREWALL_%s" % self.ip +
                                         " -s %s " % cidr +
                                         " -p %s " % rule['protocol'] +
                                         " -m %s " % rule['protocol'] +
-                                        "  %s -j %s" % (rnge, self.rule['action'])])
+                                        "  %s -j %s" % (rnge, action)])
 
             sflag = False
             dflag = False
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
index e676bb5aed..91422602bd 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
@@ -423,7 +423,7 @@ class CsIP:
                             "-d %s/32 -j FIREWALL_%s" % (self.address['public_ip'], self.address['public_ip'])])
             self.fw.append(["mangle", "front",
                             "-A FIREWALL_%s " % self.address['public_ip'] +
-                            "-m state --state RELATED,ESTABLISHED -j ACCEPT"])
+                            "-m state --state RELATED,ESTABLISHED -j RETURN"])
             self.fw.append(["mangle", "",
                             "-A FIREWALL_%s -j DROP" % self.address['public_ip']])
             self.fw.append(["mangle", "",