Bug #2667: Don't add rules if chain already exists

2025-03-21 14:50:08 +03:00 · 2014-02-05 14:21:59 +01:00 · 2014-02-05 14:21:59 +01:00 · 47ae6cea4c
commit 47ae6cea4c
parent bdf4b8a019
1 changed files with 8 additions and 0 deletions
--- a/src/vnm_mad/remotes/Firewall.rb
+++ b/src/vnm_mad/remotes/Firewall.rb
@ -41,6 +41,8 @@ class OpenNebulaFirewall < OpenNebulaNetwork
            chain   = "one-#{vm_id}-#{nic[:network_id]}"
            tap     = nic[:tap]

+            next if chain_exists?(chain)
+
            if tap
                #TCP
                if range = nic[:white_ports_tcp]
@ -149,6 +151,12 @@ class OpenNebulaFirewall < OpenNebulaNetwork
        rule "-N #{chain}"
    end

+    def chain_exists?(chain)
+        iptables_nl =`#{COMMANDS[:iptables]} -nL`
+        chains = iptables_nl.scan(/(one-.*?) .*references/).flatten
+        chains.include? chain
+    end
+
    def rule(rule)
        "#{COMMANDS[:iptables]} #{rule}"
    end