shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-03-22 18:50:08 +03:00
Code Releases Wiki Activity

M #-: SG for NIC_ALIAS (#1103)

Browse Source 
(cherry picked from commit 4b4a09c08bde5bf3cf575280566f4b422acf5a17)
This commit is contained in:
Jan Orel 2021-04-14 15:33:28 +02:00 committed by Ruben S. Montero
parent 192e95c5c0
commit beb422433b
No known key found for this signature in database
GPG Key ID: A0CEA6FA880A1D87
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/vnm_mad/remotes/lib/security_groups_iptables.rb
View File

@ -386,7 +386,11 @@ module SGIPTables
nro = "#{base_br} --physdev-in #{nic[:tap]} -j #{chain_out}"
if bridged
nri = "#{base_br} --physdev-out #{nic[:tap]} -j #{chain_in}"
if nic[:alias_id]
nri = "#{base_br} --physdev-out #{nic[:parent_nic][:tap]} -d #{nic[:ip]} -j #{chain_in}"
else
nri = "#{base_br} --physdev-out #{nic[:tap]} -j #{chain_in}"
end
else
nri = "-I #{GLOBAL_CHAIN} -d #{nic[:ip]} -j #{chain_in}"
end
@ -428,7 +432,7 @@ module SGIPTables
"-j RETURN"
# Mac-spofing
if nic[:filter_mac_spoofing] == "YES"
if nic[:filter_mac_spoofing] == "YES" && nic[:alias_id].nil?
commands.add :iptables, "-A #{chain_out} -m mac ! "\
"--mac-source #{nic[:mac]} -j DROP"
commands.add :ip6tables, "-A #{chain_out} -m mac ! "\