From 2276a399acab65ac261fd90500c8f42122ddb2bf Mon Sep 17 00:00:00 2001
From: Edison Su <sudison@gmail.com>
Date: Fri, 14 Mar 2014 14:40:48 -0700
Subject: [PATCH] KVM security bug: no forwarding rule applied (cherry picked
 from commit e5c391fcf3852e50ebd99d4a72fd51d1753b05eb)

Signed-off-by: Animesh Chaturvedi <animesh@apache.org>
---
 scripts/vm/network/security_group.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index 1d94de3d60b..704b2798202 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -978,7 +978,7 @@ def addFWFramework(brname):
         execute("iptables -N " + brfwin)
 
     try:
-        refs = execute("""iptables -n -L " + brfw + " | awk '/%s(.*)references/ {gsub(/\(/, "") ;print $3}'""" % brfw).strip()
+        refs = execute("""iptables -n -L %s | awk '/%s(.*)references/ {gsub(/\(/, "") ;print $3}'""" % (brfw,brfw)).strip()
         if refs == "0":
             execute("iptables -I FORWARD -i " + brname + " -j DROP")
             execute("iptables -I FORWARD -o " + brname + " -j DROP")