Posted to commits@cloudstack.apache.org by bh...@apache.org on 2017/07/22 08:53:25 UTC

[cloudstack] branch 4.9 updated: CLOUDSTACK-9838: Allow ingress traffic between guest VMs via snat IPs

This is an automated email from the ASF dual-hosted git repository.

bhaisaab pushed a commit to branch 4.9
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/4.9 by this push:
     new aa8a721  CLOUDSTACK-9838: Allow ingress traffic between guest VMs via snat IPs
aa8a721 is described below

commit aa8a721c393347b2624184d6ed04e1ede7ed38a6
Author: Rohit Yadav <ro...@shapeblue.com>
AuthorDate: Fri Apr 7 17:14:18 2017 +0530

    CLOUDSTACK-9838: Allow ingress traffic between guest VMs via snat IPs
    
    This makes the firewall/mangle table rules ACCEPT instead of RETURN, which
    is the same behaviour as observed in ACS 4.5. By accepting the traffic, guest
    VMs will be able to exchange TCP traffic with each other over SNAT public
    IPs.
    
    Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
---
 systemvm/patches/debian/config/opt/cloud/bin/configure.py    | 2 +-
 systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py | 2 +-
 systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index bdcfec9..82244e4 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -140,7 +140,7 @@ class CsAcl(CsDataBag):
                                     " -s %s " % cidr +
                                     " -p %s " % rule['protocol'] +
                                     " -m %s " % rule['protocol'] +
-                                    "  %s -j RETURN" % rnge])
+                                    "  %s -j %s" % (rnge, self.rule['action'])])
 
             logging.debug("Current ACL IP direction is ==> %s", self.direction)
             if self.direction == 'egress':
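Review bot: The jump target in the added line `"  %s -j %s" % (rnge, self.rule['action'])` is taken straight from the rule data and formatted into the iptables rule with no check, so a missing key raises KeyError and an unexpected value becomes part of the rule text. Because this chain decides which ingress traffic reaches the public IP, I would resolve the target once against a fixed set before building the string, e.g. `action = self.rule.get('action')` then `if action not in ('ACCEPT', 'DROP', 'RETURN'): raise ValueError(action)`; the values the management server actually sends are not visible here and should be confirmed. The commit message says the rules now ACCEPT, but the code leaves the verdict to the data, so a short comment stating which actions are expected would help. The neighbouring lines read `rule['protocol']` while this one reads `self.rule[...]`; the enclosing method starts outside the hunk, so I cannot tell whether they are the same dict.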
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
index a16fd07..4eac348 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
@@ -380,7 +380,7 @@ class CsIP:
             self.fw.append(["mangle", "",
                             "-A FIREWALL_%s DROP" % self.address['public_ip']])
             self.fw.append(["mangle", "",
-                            "-A VPN_%s -m state --state RELATED,ESTABLISHED -j ACCEPT" % self.address['public_ip']])
+                            "-I VPN_%s -m state --state RELATED,ESTABLISHED -j ACCEPT" % self.address['public_ip']])
             self.fw.append(["mangle", "",
                             "-A VPN_%s -j RETURN" % self.address['public_ip']])
             self.fw.append(["nat", "",
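Review bot: The switch from `-A` to `-I` on the `VPN_<public_ip>` RELATED,ESTABLISHED rule changes where the ACCEPT lands in the chain, and neither the code nor the commit message says why. `-I` without a rule number places the rule at the head of the chain, ahead of anything already there, so the ordering is now load-bearing; a comment such as `# -I: keep the conntrack ACCEPT first in VPN_<ip>, ahead of rules appended elsewhere` would record that. It is also worth confirming that the code consuming `self.fw` recognises an `-I` entry as already present on a re-run; if it matches only on the `-A` form, each reconfiguration could insert another copy (the consumer is not visible in this hunk). The list of appends continues past the end of the hunk.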
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py
index 927c2ae..56096c8 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py
@@ -63,7 +63,7 @@ class CsRoute:
         table = self.get_tablename(dev)
         logging.info("Adding route: dev " + dev + " table: " +
                      table + " network: " + address + " if not present")
-        cmd = "dev %s table %s %s" % (dev, table, address)
+        cmd = "dev %s table %s throw %s proto static" % (dev, table, address)
         self.set_route(cmd)
 
     def set_route(self, cmd, method="add"):
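Review bot: The route command now installs a `throw` route, but the log line just above still reads "Adding route: dev ... network: ..." and the commit message only discusses firewall targets, so the change in routing behaviour is undocumented. A `throw` entry makes lookups for that prefix in the per-device table fall through to the next policy rule instead of sending the traffic out `dev`, which is a different outcome for every caller of this method. I would add a comment like `# throw: let <address> fall through this table to the next routing rule` and change the log text to say "throw route". It may also be worth checking that `ip route` accepts `dev` ahead of `throw` in this form, since a throw route has no output device; `set_route` lies outside the hunk, so how the string is passed on cannot be seen here. The method itself starts above the hunk.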
