router: Fix rule duplication with non-VPC static NAT rules (#3366)

The VR code has provision for inserting rules at the top or bottom by specifying "front" as the second parameter to self.fw.append. However, there are a number of cases where someone has been unaware of this and added a rule with the pattern self.fw.append(["mangle", "", "-I PREROUTING".... This causes the code to check for the rule already being present to fail, and duplicate rules end up being added. This PR fixes two of these cases which apply to adding static NAT rules. I am aware of more of these cases, but I don't have the ability to easily test the outcome of fixing them. I'm happy to add these in if you're confident that the automated tests will be sufficient. Searching for "-I (case sensitive) finds these. The code for dealing with "front" is included below to show that this shouldn't have any ill effects: if fw[1] == "front": cpy = cpy.replace('-A', '-I') Fixes #3177
2025-10-26 08:42:29 +01:00 · 2019-06-04 21:51:03 +01:00 · 2019-06-04 21:51:03 +01:00 · 41f569e8a8
commit 41f569e8a8
parent c94ee1454d
1 changed files with 4 additions and 4 deletions
--- a/systemvm/debian/opt/cloud/bin/configure.py
+++ b/systemvm/debian/opt/cloud/bin/configure.py
@ -922,11 +922,11 @@ class CsForwardingRules(CsDataBag):
        if device is None:
            raise Exception("Ip address %s has no device in the ips databag" % rule["public_ip"])

-        self.fw.append(["mangle", "",
-                        "-I PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" %
+        self.fw.append(["mangle", "front",
+                        "-A PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" %
                        rule["internal_ip"]])
-        self.fw.append(["mangle", "",
-                        "-I PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark %s/0xffffffff" %
+        self.fw.append(["mangle", "front",
+                        "-A PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark %s/0xffffffff" %
                        (rule["internal_ip"], hex(100 + int(device[len("eth"):])))])
        self.fw.append(["nat", "front",
                        "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])