mirror of https://github.com/OpenNebula/one.git synced 2025-03-19 06:50:07 +03:00

Feature #3175: Firewall driver is compatible with the security groups driver

Jaime Melis 2014-12-09 17:20:40 +01:00
parent a67b541ff9
commit 6ebe8c1327


@ -143,7 +143,24 @@ class OpenNebulaFirewall < OpenNebulaNetwork
end
def tap_to_chain(tap, chain)
rule "-A FORWARD -m physdev --physdev-out #{tap} -j #{chain}"
iptables_out = `#{COMMANDS[:iptables]} -n -v --line-numbers -L FORWARD`
# Insert the rule on top of the 'opennebula' chain if it exists, so it
# doesn't conflict with the security groups driver
index = nil
iptables_out.lines.each do |line|
fields = line.split
if fields.include?("opennebula") && fields.include?("--physdev-is-bridged")
index = fields[0]
break
end
end
if index
rule "-I FORWARD #{index} -m physdev --physdev-out #{tap} -j #{chain}"
else
rule "-A FORWARD -m physdev --physdev-out #{tap} -j #{chain}"
end
end
def new_chain(chain)
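Review bot: In tap_to_chain the backtick listing of FORWARD is never checked, so if the `iptables -L FORWARD` call fails or prints nothing the method silently takes the `else` branch and appends with `-A`, which can leave the per-VM jump after the `opennebula` security-groups jump, the ordering this commit sets out to avoid. Checking `$?.success?` right after the backtick call and logging or raising on failure would make that case visible instead of failing open. The rule number is also captured at listing time and only used later in `rule "-I FORWARD #{index} ..."`; if the security groups driver edits FORWARD in between, the number is stale, so the lookup and the insert likely need to run under one lock (whether `rule` executes immediately or queues is not visible in this hunk). As a small hardening, accept the first field only when it is numeric, e.g. `index = fields[0] if fields[0] =~ /\A\d+\z/`, since it is interpolated into the rule string.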