From 1079d63b6f978b2124db26d7f84f7ae62ba9daa0 Mon Sep 17 00:00:00 2001
From: John Kinsella
Date: Wed, 13 Mar 2013 17:54:50 -0700
Subject: [PATCH] Summary: Prevent deletion of wrong iptables rules
Detail: A grep in security_group.py wasn't defined well enough, could potentially delete rules for VMs other than intended
BUG-ID: CLOUDSTACK-309
Bugfix-for: master
Reviewed-by:
Reported-by: Francois Scala
Signed-off-by: John Kinsella 1363222521 -0700
---
 scripts/vm/network/security_group.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index 50a164105bb..1bcbc3e10fc 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -344,7 +344,7 @@ def post_default_network_rules(vm_name, vm_id, vm_ip, vm_mac, vif, brname, dhcpS
 def delete_rules_for_vm_in_bridge_firewall_chain(vmName):
 vm_name = vmName
 if vm_name.startswith('i-') or vm_name.startswith('r-'):
- vm_name = '-'.join(vm_name.split('-')[:-1])
+ vm_name = '-'.join(vm_name.split('-')[:-1]) + "-def"
 vmchain = vm_name
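Review bot: The tightened match only applies inside the `if vm_name.startswith('i-') or vm_name.startswith('r-')` branch; any other name still reaches `vmchain = vm_name` unchanged, so the over-broad match described in the commit message would remain for those VMs. The grep that consumes `vmchain` is outside this hunk (the function body continues past it), so this is inferred from the commit message rather than seen. If that grep is a plain substring match, matching the chain name as a whole word (for example `grep -w`) would cover both branches and also anchor the start of the name, which the `"-def"` suffix does not. The literal suffix also deserves a why-comment on the changed line, such as `# match only this VM's "<name>-def" chain; a bare prefix like i-2-1 would also hit i-2-13`.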