From 4705d75d4a7fd58def45ec3e70ed5118e0334cf7 Mon Sep 17 00:00:00 2001
From: Frank Louwers
Date: Fri, 17 Jul 2015 15:33:07 +0200
Subject: [PATCH] CLOUDSTACK-8650: Fix securitygroups ingress FW for protocol any and 0.0.0.0/0
Change way 0.0.0.0/0 + all is handles, as per feedback in Slack channel
Signed-off-by: wilderrodrigues
---
 scripts/vm/network/security_group.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index 7279518c43d..c4a67536942 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -860,8 +860,10 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules, vif
 for ip in ips:
 execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " " + direction + " " + ip + " -j "+ action)
- if allow_any and protocol != 'all':
- if protocol != 'icmp':
+ if allow_any
+ if protocol == 'all':
+ execute("iptables -I " + vmchain + " -m state --state NEW " + direction + " 0.0.0.0/0 -j "+action)
+ elif protocol != 'icmp':
 execute("iptables -I " + vmchain + " -p " + protocol + " -m " + protocol + " --dport " + range + " -m state --state NEW -j "+ action)
 else:
 range = start + "/" + end
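Review bot: The added line `if allow_any` has no trailing colon as shown here, which is a SyntaxError in Python; it should read `if allow_any:`. Because security_group.py is the script that programs the per-VM iptables chains, a parse failure would stop every security-group rule from being applied, not only this branch, so the instance's filtering state would no longer match what the API reports. Separately, the new `protocol == 'all'` rule is built by string concatenation and passed to `execute(...)` like its neighbours; if `execute` goes through a shell (not visible in this hunk), confirm that `vmchain`, `direction` and `action` are derived from validated values and not from caller-supplied rule text. add_network_rules starts before and continues after the hunk.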