CLOUDSTACK-4750 use interface wildcard "+" in iptables to cover potential used VLAN interface to allow output on physical interface.
you will see 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out bond2+ --physdev-is-bridged instead of 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out bond2.1234 --physdev-is-bridged Anthony Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/27294a38 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/27294a38 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/27294a38 Branch: refs/heads/rbac Commit: 27294a382757da25528bd45647933387b031ab5d Parents: 9d2271d Author: Anthony Xu <anthony...@citrix.com> Authored: Wed Oct 30 15:12:21 2013 -0700 Committer: Anthony Xu <anthony...@citrix.com> Committed: Wed Oct 30 15:12:21 2013 -0700 ---------------------------------------------------------------------- scripts/vm/hypervisor/xenserver/vmops | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/27294a38/scripts/vm/hypervisor/xenserver/vmops ----------------------------------------------------------------------
diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops
index 18233d9..3f11960 100755
--- a/scripts/vm/hypervisor/xenserver/vmops
+++ b/scripts/vm/hypervisor/xenserver/vmops
@@ -495,12 +495,8 @@ def allow_egress_traffic(session):
 devs = []
 for pif in session.xenapi.PIF.get_all():
 pif_rec = session.xenapi.PIF.get_record(pif)
- vlan = pif_rec.get('VLAN')
 dev = pif_rec.get('device')
- if vlan == '-1':
- devs.append(dev)
- else:
- devs.append(dev + "." + vlan)
+ devs.append(dev + "+")
 for d in devs:
 try:
 util.pread2(['/bin/bash', '-c', "iptables -n -L FORWARD | grep '%s '" % d])
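Review bot: `devs.append(dev + "+")` now yields one identical entry per PIF that shares a device, since the removed `dev + "." + vlan` construction shows VLAN PIFs report the underlying `device`, so the loop below greps (and, presumably in the except branch outside the hunk) re-inserts the same `bond2+` rule once per VLAN; collecting into a set avoids the repeated iptables calls, `devs = set()` and `devs.add(dev + "+")`. Because `+` is the iptables interface-name wildcard, `bond2+` accepts forwarding out of bond2 itself and every interface whose name starts with `bond2` (bond2.1234, but equally a `bond20` if one exists), which is wider than the exact `dev.vlan` match it replaces, so a comment stating that intent, e.g. `# "+" is the iptables interface wildcard: bond2+ covers bond2 and every bond2.<vlan>`, would stop a later reader from narrowing it back. The grep guard compares the literal string `bond2+ `, so per-VLAN rules installed by the old code are neither matched nor cleaned up on upgrade and will coexist with the wildcard rule. The second hunk drops what appears to be the only visible call to `allow_egress_traffic()` in `default_network_rules_systemvm` without the description saying where the egress rules are installed instead; that deserves a sentence in the commit message. The body of allow_egress_traffic continues past the end of this hunk.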
@@ -804,8 +800,6 @@ def default_network_rules_systemvm(session, args):
 except:
 util.pread2(['iptables', '-F', vmchain])
 
- allow_egress_traffic(session)
-
 for vif in vifs:
 try:
 util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', vif, '-j', vmchain])