Change security_group_agent python side in line with default

security group rules change in 4.2
Frank.Zhang 2013-10-10 14:43:40 -07:00
parent e5e39577c0
commit 59406cf225
1 changed files with 11 additions and 1 deletions


@ -323,6 +323,14 @@ class SGAgent(object):
@staticmethod
def start():
def create_rule_if_not_exists(rule):
out = sglib.ShellCmd('iptables-save')()
if rule in out:
return
sglib.ShellCmd('iptables %s' % rule)()
def prepare_default_rules():
sglib.ShellCmd('iptables --policy INPUT DROP')()
name = 'default-chain'
@ -330,7 +338,9 @@ class SGAgent(object):
sglib.ShellCmd('iptables -F %s' % name)()
except Exception:
sglib.ShellCmd('iptables -N %s' % name)()
sglib.ShellCmd('iptables -I INPUT -p tcp --dport 9988 -j ACCEPT')()
create_rule_if_not_exists('-I INPUT -p tcp --dport 9988 -j ACCEPT')
create_rule_if_not_exists('-I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT')
prepare_default_rules()
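Review bot: The membership test in `create_rule_if_not_exists` compares a string beginning with `-I INPUT` against `iptables-save` output, which prints rules in `-A <chain> ...` form and usually adds the implicit match module (for example `-p tcp -m tcp`), so `rule in out` is unlikely ever to be true. Each run of `start()` would then insert both ACCEPT rules again, and the INPUT chain grows on every agent restart. Checking with `iptables -C` on the same chain and rule spec avoids string matching; this assumes `sglib.ShellCmd` raises on a non-zero exit, as the existing `try/except` around `iptables -F` suggests, and that the host's iptables supports `-C`. Separately, the 9988 rule accepts from any source address, so a `-s` restriction is worth considering if only the management server should reach the agent. The enclosing `SGAgent` class starts outside the hunks, and the line between the two hunks is not shown.

```python
def create_rule_if_not_exists(chain, spec):
    try:
        # -C exits non-zero when no matching rule exists
        sglib.ShellCmd('iptables -C %s %s' % (chain, spec))()
    except Exception:
        sglib.ShellCmd('iptables -I %s %s' % (chain, spec))()

# … unchanged: prepare_default_rules policy and default-chain setup …
create_rule_if_not_exists('INPUT', '-p tcp --dport 9988 -j ACCEPT')
create_rule_if_not_exists('INPUT', '-m state --state RELATED,ESTABLISHED -j ACCEPT')
```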