From 63ba5d4518ba883ba3fde04046d9a12e9c455559 Mon Sep 17 00:00:00 2001
From: Jaime Melis <jmelis@opennebula.org>
Date: Tue, 9 Dec 2014 11:00:23 +0100
Subject: [PATCH] Feature #3175: Avoid errors if empty rules and apply an
 ACCEPT policy by default.

---
 src/vnm_mad/remotes/security_groups/SecurityGroups.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/vnm_mad/remotes/security_groups/SecurityGroups.rb b/src/vnm_mad/remotes/security_groups/SecurityGroups.rb
index 19b71f55d0..174f521280 100644
--- a/src/vnm_mad/remotes/security_groups/SecurityGroups.rb
+++ b/src/vnm_mad/remotes/security_groups/SecurityGroups.rb
@@ -433,7 +433,7 @@ class SecurityGroup
 
         rules.each do |rule|
             @rules << Rule.new(rule)
-        end
+        end if rules
     end
 end
 
@@ -554,7 +554,7 @@ class SecurityGroupIPTables < SecurityGroup
 
             commands.iptables "-N #{GLOBAL_CHAIN}"
             commands.iptables "-A FORWARD -m physdev --physdev-is-bridged -j #{GLOBAL_CHAIN}"
-            commands.iptables "-A #{GLOBAL_CHAIN} -j DROP"
+            commands.iptables "-A #{GLOBAL_CHAIN} -j ACCEPT"
 
             commands.run!
         end