Posted to commits@cloudstack.apache.org by fr...@apache.org on 2013/10/10 23:44:30 UTC
git commit: updated refs/heads/4.2 to 999c1bc
Updated Branches:
refs/heads/4.2 1ac6ef1a7 -> 999c1bc1c
Change security_group_agent python side in line with default
security group rules change in 4.2
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/999c1bc1
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/999c1bc1
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/999c1bc1
Branch: refs/heads/4.2
Commit: 999c1bc1c029a21110b5bea4638d2d9a99b00f12
Parents: 1ac6ef1
Author: Frank.Zhang <fr...@citrix.com>
Authored: Thu Oct 10 14:43:40 2013 -0700
Committer: Frank.Zhang <fr...@citrix.com>
Committed: Thu Oct 10 14:44:14 2013 -0700
----------------------------------------------------------------------
.../security_group_agent/cs_sg_agent.py | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/999c1bc1/plugins/hypervisors/baremetal/resources/security_group_agent/security_group_agent/cs_sg_agent.py
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/baremetal/resources/security_group_agent/security_group_agent/cs_sg_agent.py b/plugins/hypervisors/baremetal/resources/security_group_agent/security_group_agent/cs_sg_agent.py
index f940264..9bd541b 100755
--- a/plugins/hypervisors/baremetal/resources/security_group_agent/security_group_agent/cs_sg_agent.py
+++ b/plugins/hypervisors/baremetal/resources/security_group_agent/security_group_agent/cs_sg_agent.py
@@ -323,6 +323,14 @@ class SGAgent(object):
@staticmethod
def start():
+
+ def create_rule_if_not_exists(rule):
+ out = sglib.ShellCmd('iptables-save')()
+ if rule in out:
+ return
+
+ sglib.ShellCmd('iptables %s' % rule)()
+
def prepare_default_rules():
sglib.ShellCmd('iptables --policy INPUT DROP')()
name = 'default-chain'
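Review bot: The membership test `if rule in out` in `create_rule_if_not_exists` compares the command-line form of the rule (`-I INPUT ...`) with `iptables-save` output, which lists loaded rules in `-A INPUT ...` form and can add implied matches such as `-m tcp`. The test therefore probably never succeeds, and both rules passed in the second hunk would be inserted again on every `start()`, so duplicates pile up at the head of INPUT. Asking iptables itself with `-C` (on builds that support it) avoids string-matching the dump. The sketch below assumes `sglib.ShellCmd` raises on a non-zero exit, as the `try/except` around `iptables -F` in the second hunk suggests. The body of `start()` continues outside this hunk.

```python
def create_rule_if_not_exists(rule):
    # rule arrives as '-I INPUT ...'; let iptables report whether it is already loaded
    check = rule.replace('-I', '-C', 1)
    try:
        sglib.ShellCmd('iptables %s' % check)()
    except Exception:
        sglib.ShellCmd('iptables %s' % rule)()
```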
@@ -330,7 +338,9 @@ class SGAgent(object):
sglib.ShellCmd('iptables -F %s' % name)()
except Exception:
sglib.ShellCmd('iptables -N %s' % name)()
- sglib.ShellCmd('iptables -I INPUT -p tcp --dport 9988 -j ACCEPT')()
+
+ create_rule_if_not_exists('-I INPUT -p tcp --dport 9988 -j ACCEPT')
+ create_rule_if_not_exists('-I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT')
prepare_default_rules()
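Review bot: The accept rule for port 9988 in `create_rule_if_not_exists('-I INPUT -p tcp --dport 9988 -j ACCEPT')` carries no source match, so with the INPUT policy set to DROP this port stays reachable from every host that can route to the machine. If 9988 is the agent's own control port, which the hunk does not show, the rule would be safer limited to the management network, e.g. `'-I INPUT -s <mgmt-cidr> -p tcp --dport 9988 -j ACCEPT'`, where `<mgmt-cidr>` is a placeholder to be filled from configuration. A short comment above the two calls would also help: because `-I` inserts at the head of the chain, the RELATED,ESTABLISHED rule ends up above the port rule.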