diff --git a/systemvm/debian/opt/cloud/bin/configure.py b/systemvm/debian/opt/cloud/bin/configure.py
index 67e575bfb7a..2d873f8c974 100755
--- a/systemvm/debian/opt/cloud/bin/configure.py
+++ b/systemvm/debian/opt/cloud/bin/configure.py
@@ -181,19 +181,22 @@ class CsAcl(CsDataBag):
 if self.direction == 'ingress':
 for cidr in self.rule['cidr']:
+ action = self.rule['action']
+ if action == "ACCEPT":
+ action = "RETURN"
 if rule['protocol'] == "icmp":
 self.fw.append(["mangle", "front",
 " -A FIREWALL_%s" % self.ip +
 " -s %s " % cidr +
 " -p %s " % rule['protocol'] +
- " --icmp-type %s -j %s" % (icmp_type, self.rule['action'])])
+ " --icmp-type %s -j %s" % (icmp_type, action)])
 else:
 self.fw.append(["mangle", "front",
 " -A FIREWALL_%s" % self.ip +
 " -s %s " % cidr +
 " -p %s " % rule['protocol'] +
 " -m %s " % rule['protocol'] +
- " %s -j %s" % (rnge, self.rule['action'])])
+ " %s -j %s" % (rnge, action)])
 sflag = False
 dflag = False
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
index e676bb5aedd..91422602bde 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
@@ -423,7 +423,7 @@ class CsIP:
 "-d %s/32 -j FIREWALL_%s" % (self.address['public_ip'], self.address['public_ip'])])
 self.fw.append(["mangle", "front",
 "-A FIREWALL_%s " % self.address['public_ip'] +
- "-m state --state RELATED,ESTABLISHED -j ACCEPT"])
+ "-m state --state RELATED,ESTABLISHED -j RETURN"])
 self.fw.append(["mangle", "",
 "-A FIREWALL_%s -j DROP" % self.address['public_ip']])
 self.fw.append(["mangle", "",
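Review bot: The ACCEPT-to-RETURN rewrite at the top of the `for cidr` loop in configure.py carries no comment, and an allow rule that emits `-j RETURN` reads like a mistake to the next maintainer; the same applies to the RELATED,ESTABLISHED rule changed in the CsAddress.py hunk. Allowed ingress traffic now depends on returning from `FIREWALL_<ip>` before that chain's trailing `-j DROP` and then on whatever follows the jump in the calling mangle chain, which is not visible here, so I would state the intent above the assignment, for example `# ingress allow rules RETURN to the calling mangle chain instead of ACCEPT, so rules after the FIREWALL_<ip> jump still apply`. The comparison matches only the exact string "ACCEPT", and any other value of `self.rule['action']` is passed to `-j` unchanged; that looks intended for DROP but is worth confirming against the values the data bag can carry. The assignment does not depend on `cidr` and could sit above the `for`. The enclosing method in each file starts and ends outside its hunk.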