Posted to commits@cloudstack.apache.org by ek...@apache.org on 2015/07/23 08:36:22 UTC

[2/2] git commit: updated refs/heads/master to d8f37c5

CLOUDSTACK-8650: Fix securitygroups ingress FW for protocol any and 0.0.0.0/0

Change the way 0.0.0.0/0 + all is handled, as per feedback in Slack channel

Signed-off-by: wilderrodrigues <wr...@schubergphilis.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/4705d75d
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/4705d75d
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/4705d75d

Branch: refs/heads/master
Commit: 4705d75d4a7fd58def45ec3e70ed5118e0334cf7
Parents: 2e79c62
Author: Frank Louwers <fr...@openminds.be>
Authored: Fri Jul 17 15:33:07 2015 +0200
Committer: wilderrodrigues <wr...@schubergphilis.com>
Committed: Thu Jul 23 08:36:05 2015 +0200

----------------------------------------------------------------------
 scripts/vm/network/security_group.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/4705d75d/scripts/vm/network/security_group.py
----------------------------------------------------------------------
diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index 7279518..c4a6753 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -860,8 +860,10 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules, vif
                 for ip in ips:
                     execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " " + direction + " " + ip + " -j "+ action)
 
-        if allow_any and protocol != 'all':
-            if protocol != 'icmp':
+        if allow_any
+            if protocol == 'all':
+                execute("iptables -I " + vmchain + " -m state --state NEW " + direction + " 0.0.0.0/0 -j "+action)
+            elif protocol != 'icmp':
                 execute("iptables -I " + vmchain + " -p " + protocol + " -m " + protocol + " --dport " + range + " -m state --state NEW -j "+ action)
             else:
                 range = start + "/" + end
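Review bot: The added line `if allow_any` has no trailing colon, so the new side of security_group.py is a Python syntax error and the module will not parse; it should read `if allow_any:`. Because this script installs the per-VM iptables chains, a parse failure would presumably leave security group rules unprogrammed on the host rather than just skipping this branch, so a syntax check (`python -m py_compile`) before merge is worth adding. Separately, the new `protocol == 'all'` branch, like its neighbours, builds the iptables command by string concatenation from `vmchain`, `direction` and `action`; if `execute` hands that string to a shell, those values should be validated upstream or the call moved to an argument list. add_network_rules starts and ends outside this hunk, so where `allow_any` and `direction` are set is not visible here.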