Bug fixed:

Default drop rule for inbound chain gets dropped by CsNetFilter
This would have been bad (tm)
Ian Southam 2014-08-28 15:34:17 +02:00 committed by wilderrodrigues
parent 8b38bff962
commit 762e05ddee


@ -95,6 +95,11 @@ class CsNetfilters(object):
def compare(self, list):
""" Compare reality with what is needed """
for c in self.chain.get("filter"):
# Ensure all inbound chains have a default drop rule
if c.startswith("ACL_INBOUND"):
list.append(["filter", "", "-A %s -j DROP" % c])
print list
for fw in list:
new_rule = CsNetfilter()
new_rule.parse(fw[2])
@ -118,6 +123,7 @@ class CsNetfilters(object):
""" Add the given chain if it is not already present """
if not self.has_chain(rule.get_table(), rule.get_chain()):
CsHelper.execute("iptables -t %s -N %s" % (rule.get_table(), rule.get_chain()))
self.chain.add(rule.get_table(), rule.get_chain())
def del_standard(self):
""" Del rules that are there but should not be deleted
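Review bot: In `compare()`, the default-drop pass walks `self.chain.get("filter")` before the `for fw in list:` loop runs, so an `ACL_INBOUND*` chain that is first created during that loop (the second hunk registers it with `self.chain.add(...)`) appears to get no `-A <chain> -j DROP` entry until a later run. If chains are indeed created inside that loop, which these hunks do not show, a new inbound chain is left fail-open in the meantime; consider appending the drop rule where the chain is created, or running the pass once all chains are known. The added `print list` looks like leftover debugging and writes the whole rule set to stdout on every call, so it should be dropped or turned into a debug-level log call. The pass also appends to the caller's `list` argument in place, so a caller that reuses the list would accumulate duplicate DROP entries; working on a copy (`rules = list[:]`) avoids that. Both method bodies continue outside the hunks.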