diff --git a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
index 3d6d1f6f722..7e7060a6cde 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
@@ -24,6 +24,7 @@ from CsDatabag import CsDataBag
 from CsApp import CsApache, CsDnsmasq, CsPasswdSvc
 from CsRoute import CsRoute
 from CsRule import CsRule
+from CsStaticRoutes import CsStaticRoutes
 VRRP_TYPES = ['guest']
@@ -553,6 +554,23 @@ class CsIP:
 self.fw.append(["mangle", "front", "-A PREROUTING -s %s -d %s -m state --state NEW -j MARK --set-xmark %s/0xffffffff" % (self.cl.get_vpccidr(), self.address['network'], hex(100 + int(self.dev[3:])))])
+
+ static_routes = CsStaticRoutes("staticroutes", self.config)
+ if static_routes:
+ for item in static_routes.get_bag():
+ if item == "id":
+ continue
+ static_route = static_routes.get_bag()[item]
+ if static_route['ip_address'] == self.address['public_ip'] and not static_route['revoke']:
+ self.fw.append(["mangle", "",
+ "-A PREROUTING -m state --state NEW -i %s -s %s ! -d %s/32 -j ACL_OUTBOUND_%s" %
+ (self.dev, static_route['network'], static_route['ip_address'], self.dev)])
+ self.fw.append(["filter", "front", "-A FORWARD -d %s -o %s -j ACL_INBOUND_%s" %
+ (static_route['network'], self.dev, self.dev)])
+ self.fw.append(["filter", "front",
+ "-A FORWARD -d %s -o %s -m state --state RELATED,ESTABLISHED -j ACCEPT" %
+ (static_route['network'], self.dev)])
+
 if self.address["source_nat"]:
 self.fw.append(["nat", "front", "-A POSTROUTING -o %s -j SNAT --to-source %s" %
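Review bot: `static_route['network']` and `static_route['ip_address']` go straight from the staticroutes databag into three iptables rule strings in the second hunk, with no check that they are a CIDR and an address, so a malformed or space-containing value would change the rule text that reaches the mangle and filter tables. Parsing both before the first `self.fw.append` and skipping the entry on failure would keep a bad databag entry from shaping the ACL jumps, for example `net = ipaddress.ip_network(static_route['network'], strict=False)` if the `ipaddress` module is available to this script. Separately, `if static_routes:` tests an object instance and is probably always true unless CsStaticRoutes defines `__bool__` or `__len__`, which this diff does not show. The direct `['revoke']` and `['ip_address']` lookups would also raise KeyError on an incomplete entry part-way through building the rule list; `static_route.get('revoke')` plus an explicit skip would be safer. The enclosing CsIP method starts and ends outside the hunk.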