From 0e613cc09c5484e08cabeaa102a33bac8df98f22 Mon Sep 17 00:00:00 2001 From: Jan Orel Date: Thu, 29 Apr 2021 17:45:05 +0200 Subject: [PATCH] M #-: Fix SG for ipv6 (#1142) (cherry picked from commit 82e1074748fc3300e136ee67abc1b98685941ac4) --- src/vnm_mad/remotes/lib/security_groups_iptables.rb | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/vnm_mad/remotes/lib/security_groups_iptables.rb b/src/vnm_mad/remotes/lib/security_groups_iptables.rb index e56dee2b58..b53ab0e84d 100644 --- a/src/vnm_mad/remotes/lib/security_groups_iptables.rb +++ b/src/vnm_mad/remotes/lib/security_groups_iptables.rb @@ -382,28 +382,30 @@ module SGIPTables commands.add :ip6tables, "-N #{chain_in}" # inbound commands.add :ip6tables, "-N #{chain_out}" # outbound + ip = nic[:ip] || nic[:ip6_global] + # Send traffic to the NIC chains base_br = "-I #{GLOBAL_CHAIN} -m physdev --physdev-is-bridged " if nic[:alias_id] - nro = "#{base_br} --physdev-in #{nic[:parent_nic][:tap]} -s #{nic[:ip]} -j #{chain_out}" + nro = "#{base_br} --physdev-in #{nic[:parent_nic][:tap]} -s #{ip} -j #{chain_out}" else nro = "#{base_br} --physdev-in #{nic[:tap]} -j #{chain_out}" end if bridged if nic[:alias_id] - nri = "#{base_br} --physdev-out #{nic[:parent_nic][:tap]} -d #{nic[:ip]} -j #{chain_in}" + nri = "#{base_br} --physdev-out #{nic[:parent_nic][:tap]} -d #{ip} -j #{chain_in}" else nri = "#{base_br} --physdev-out #{nic[:tap]} -j #{chain_in}" end else - nri = "-I #{GLOBAL_CHAIN} -d #{nic[:ip]} -j #{chain_in}" + nri = "-I #{GLOBAL_CHAIN} -d #{ip} -j #{chain_in}" end - if IPAddr.new(nic[:ip]).ipv4? + if !ip.nil? && IPAddr.new(ip).ipv4? commands.add :iptables, nri commands.add :iptables, nro - else + elsif !ip.nil? && IPAddr.new(ip).ipv6? commands.add :ip6tables, nri commands.add :ip6tables, nro end
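Review bot: When a NIC has neither `nic[:ip]` nor `nic[:ip6_global]`, the final `if`/`elsif` matches nothing, so the jumps from `GLOBAL_CHAIN` into `chain_in`/`chain_out` are silently never installed and the NIC's security-group chains see no traffic; the old `IPAddr.new(nic[:ip])` would most likely have raised in that case. For a bridged non-alias NIC the rule strings do not use the address at all, so dropping them because the address is missing looks unintended. If that case is not expected, an explicit last branch such as `else raise "no IPv4 or global IPv6 address for #{nic[:tap]}"` would keep the gap visible instead of leaving filtering to whatever default applies outside this hunk. Separately, `nic[:ip] || nic[:ip6_global]` picks the IPv4 address when both are set, so a dual-stack NIC still gets its jump rules only in `iptables` and never in `ip6tables`. The enclosing method begins and ends outside the hunk, so handling elsewhere cannot be ruled out.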