You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by an...@apache.org on 2013/10/30 23:15:30 UTC
git commit: updated refs/heads/master to 27294a3
Updated Branches:
refs/heads/master 9d2271d11 -> 27294a382
CLOUDSTACK-4750
use interface wildcard "+" in iptables to cover potential used VLAN interface to allow output on physical interface.
you will see
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out bond2+ --physdev-is-bridged
instead of
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out bond2.1234 --physdev-is-bridged
Anthony
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/27294a38
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/27294a38
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/27294a38
Branch: refs/heads/master
Commit: 27294a382757da25528bd45647933387b031ab5d
Parents: 9d2271d
Author: Anthony Xu <an...@citrix.com>
Authored: Wed Oct 30 15:12:21 2013 -0700
Committer: Anthony Xu <an...@citrix.com>
Committed: Wed Oct 30 15:12:21 2013 -0700
----------------------------------------------------------------------
scripts/vm/hypervisor/xenserver/vmops | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27294a38/scripts/vm/hypervisor/xenserver/vmops
----------------------------------------------------------------------
diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops
index 18233d9..3f11960 100755
--- a/scripts/vm/hypervisor/xenserver/vmops
+++ b/scripts/vm/hypervisor/xenserver/vmops
@@ -495,12 +495,8 @@ def allow_egress_traffic(session):
devs = []
for pif in session.xenapi.PIF.get_all():
pif_rec = session.xenapi.PIF.get_record(pif)
- vlan = pif_rec.get('VLAN')
dev = pif_rec.get('device')
- if vlan == '-1':
- devs.append(dev)
- else:
- devs.append(dev + "." + vlan)
+ devs.append(dev + "+")
for d in devs:
try:
util.pread2(['/bin/bash', '-c', "iptables -n -L FORWARD | grep '%s '" % d])
@@ -804,8 +800,6 @@ def default_network_rules_systemvm(session, args):
except:
util.pread2(['iptables', '-F', vmchain])
- allow_egress_traffic(session)
-
for vif in vifs:
try:
util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', vif, '-j', vmchain])