VR: add rules for traffic between static nat and private gateway static routes (#6153)

Wei Zhou 2022-04-12 18:26:51 +02:00 committed by GitHub
parent b6072fc826
commit 19a7774cab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -852,6 +852,20 @@ class CsForwardingRules(CsDataBag):
interfaces.append(interface) interfaces.append(interface)
return interfaces return interfaces
def getStaticRoutes(self):
static_routes = CsStaticRoutes("staticroutes", self.config)
routes = []
if not static_routes:
return routes
for item in static_routes.get_bag():
if item == "id":
continue
static_route = static_routes.get_bag()[item]
if static_route['revoke']:
continue
routes.append(static_route)
return routes
def portsToString(self, ports, delimiter): def portsToString(self, ports, delimiter):
ports_parts = ports.split(":", 2) ports_parts = ports.split(":", 2)
if ports_parts[0] == ports_parts[1]: if ports_parts[0] == ports_parts[1]:
@ -997,6 +1011,10 @@ class CsForwardingRules(CsDataBag):
for private_gw in private_gateways: for private_gw in private_gateways:
self.fw.append(["mangle", "front", "-A %s -d %s -j RETURN" % self.fw.append(["mangle", "front", "-A %s -d %s -j RETURN" %
(chain_name, private_gw.get_network())]) (chain_name, private_gw.get_network())])
static_routes = self.getStaticRoutes()
for static_route in static_routes:
self.fw.append(["mangle", "front", "-A %s -d %s -j RETURN" %
(chain_name, static_route['network'])])
self.fw.append(["nat", "front", self.fw.append(["nat", "front",
"-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])]) "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])
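Review bot: In the second hunk, `static_route['network']` is formatted straight into a `-j RETURN` rule placed at the front of the mangle chain, with no check on its form or breadth. The value comes from the `staticroutes` data bag, so a malformed entry would yield a rule that iptables rejects. A very broad entry (a default route, for instance) would presumably make all traffic entering `chain_name` return before the rest of the chain is evaluated; what that skips is not visible on this page. Consider parsing the value first, e.g. `net = ipaddress.ip_network(static_route['network'], strict=False)`, and skipping entries where `net.prefixlen == 0`; this needs `import ipaddress` if the file does not already have it. In `getStaticRoutes`, `static_route.get('revoke')` would avoid a `KeyError` on an entry without that key, and the `if not static_routes:` guard on a freshly constructed object looks always false unless `CsStaticRoutes` defines its own truthiness. The enclosing method of the second hunk starts and ends outside the hunk.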