etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

VPC : CS-15501, outbound only work on new connection

This commit is contained in:
anthony 2012-07-09 11:48:28 -07:00
parent 417c435622
commit 87a7fd1a26
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh
View File

@ -34,7 +34,7 @@ acl_remove_backup() {
sudo iptables -D FORWARD -o $dev -d $gcidr -j _ACL_INBOUND_$dev 2>/dev/null
sudo iptables -X _ACL_INBOUND_$dev 2>/dev/null
sudo iptables -t mangle -F _ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -D PREROUTING -i $dev -s $gcidr ! -d $ip -j _ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -D PREROUTING -m state --state NEW -i $dev -s $gcidr ! -d $ip -j _ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -X _ACL_OUTBOUND_$dev 2>/dev/null
}
@ -43,7 +43,7 @@ acl_remove() {
sudo iptables -D FORWARD -o $dev -d $gcidr -j ACL_INBOUND_$dev 2>/dev/null
sudo iptables -X ACL_INBOUND_$dev 2>/dev/null
sudo iptables -t mangle -F ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -D PREROUTING -i $dev -s $gcidr ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -D PREROUTING -m state --state NEW -i $dev -s $gcidr ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -X ACL_OUTBOUND_$dev 2>/dev/null
}
@ -69,7 +69,7 @@ acl_chain_for_guest_network () {
# outbound
sudo iptables -t mangle -N ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j DROP 2>/dev/null
sudo iptables -t mangle -A PREROUTING -i $dev -s $gcidr ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -A PREROUTING -m state --state NEW -i $dev -s $gcidr ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
}

4
patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
View File

@ -33,7 +33,7 @@ usage() {
destroy_acl_chain() {
sudo iptables -t mangle -F ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -D PREROUTING -i $dev -s $subnet/$mask ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -D PREROUTING -m state --state NEW -i $dev -s $subnet/$mask ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -X ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -F ACL_INBOUND_$dev 2>/dev/null
sudo iptables -D FORWARD -o $dev -d $subnet/$mask -j ACL_INBOUND_$dev 2>/dev/null
@ -45,7 +45,7 @@ create_acl_chain() {
destroy_acl_chain
sudo iptables -t mangle -N ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j DROP 2>/dev/null
sudo iptables -t mangle -A PREROUTING -i $dev -s $subnet/$mask ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -t mangle -A PREROUTING -m state --state NEW -i $dev -s $subnet/$mask ! -d $ip -j ACL_OUTBOUND_$dev 2>/dev/null
sudo iptables -N ACL_INBOUND_$dev 2>/dev/null
# drop if no rules match (this will be the last rule in the chain)
sudo iptables -A ACL_INBOUND_$dev -j DROP 2>/dev/null