apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-8650: Fix securitygroups ingress FW for protocol any and 0.0.0.0/0

Browse Source 
Change way 0.0.0.0/0 + all is handles, as per feedback in Slack channel

Signed-off-by: wilderrodrigues <wrodrigues@schubergphilis.com>
This commit is contained in:
Frank Louwers 2015-07-17 15:33:07 +02:00 committed by wilderrodrigues
parent 2e79c628e0
commit 4705d75d4a
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/vm/network/security_group.py
View File

@ -860,8 +860,10 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules, vif
for ip in ips: for ip in ips:
execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " " + direction + " " + ip + " -j "+ action) execute("iptables -I " + vmchain + " -p icmp --icmp-type " + range + " " + direction + " " + ip + " -j "+ action)
if allow_any and protocol != 'all': if allow_any
if protocol != 'icmp': if protocol == 'all':
execute("iptables -I " + vmchain + " -m state --state NEW " + direction + " 0.0.0.0/0 -j "+action)
elif protocol != 'icmp':
execute("iptables -I " + vmchain + " -p " + protocol + " -m " + protocol + " --dport " + range + " -m state --state NEW -j "+ action) execute("iptables -I " + vmchain + " -p " + protocol + " -m " + protocol + " --dport " + range + " -m state --state NEW -j "+ action)
else: else:
range = start + "/" + end range = start + "/" + end