Aligning router chain names correctly

Ian Southam 2014-11-12 12:16:05 +01:00 committed by wilderrodrigues
parent a2e7f30542
commit 945cc0bcfb
2 changed files with 15 additions and 16 deletions


@ -98,7 +98,8 @@ class CsAddress(CsDataBag):
self.fw.append(["", "", "-A NETWORK_STATS -o %s ! -i eth0 -p tcp" % dev])
self.fw.append(["", "", "-A NETWORK_STATS -i %s ! -o eth0 -p tcp" % dev])
if address["nw_type"] == "guest":
# Netstats per interface only used on VPC
if address["nw_type"] == "guest" and self.config.is_vpc():
self.fw.append(["", "front", "-A FORWARD -j NETWORK_STATS_%s" % dev])
self.fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -s %s" % (dev, dev, address['network'])])
self.fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -d %s" % (dev, dev, address['network'])])
@ -272,8 +273,9 @@ class CsIP:
route.routeTable()
route.add(self.address, method)
# On deletion nw_type will no longer be known
if self.get_type() in ["guest"]:
devChain = "ACL_INBOUND_%s" % (self.dev)
if (self.get_type() in ["guest"] and self.config.is_vpc()) or
(self.get_type() in ['public'] and not self.config.is_vpc()):
devChain = self.config.get_ingress_chain(self.dev, self.address['public_ip'])
CsDevice(self.dev, self.config).configure_rp()
self.fw.append(["nat", "front",
@ -291,21 +293,18 @@ class CsIP:
"-A PREROUTING -m state --state NEW -i %s -s %s ! -d %s/32 -j %s" %
(self.dev, self.address['network'], self.address['public_ip'], devChain)
])
logging.error("Not able to setup sourcenat for a regular router yet")
dns = CsDnsmasq(self)
dns.add_firewall_rules()
app = CsApache(self)
app.setup()
pwdsvc = CsPasswdSvc(self).setup()
elif self.get_type() == "public":
if self.get_type() == "public" and self.config.is_vpc():
if self.address["source_nat"]:
if self.cl.get_type() == "vpcrouter":
vpccidr = self.cl.get_vpccidr()
self.fw.append(["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
self.fw.append(["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])
elif self.cl.get_type() == "router":
logging.error("Not able to setup sourcenat for a regular router yet")
else:
logging.error("Unable to process source nat configuration for router of type %s" % type)
vpccidr = self.cl.get_vpccidr()
self.fw.append(["filter", "", "-A FORWARD -s %s ! -d %s -j ACCEPT" % (vpccidr, vpccidr)])
self.fw.append(["nat", "", "-A POSTROUTING -j SNAT -o %s --to-source %s" % (self.dev, self.address['public_ip'])])
# route.flush()
def list(self):
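Review bot: The combined condition added in the second hunk ends its first line with `or` and, as shown here, has neither outer parentheses nor a backslash, which Python rejects as a syntax error; a module that fails to import would presumably stop these iptables rules from being generated at all. One outer pair of parentheses fixes it: `if ((self.get_type() in ["guest"] and self.config.is_vpc()) or` followed by `(self.get_type() in ['public'] and not self.config.is_vpc())):`. Separately, the old `elif self.get_type() == "public":` directly after the `CsPasswdSvc` line suggests the dnsmasq, Apache and password-service setup closes this same branch, so widening it to public addresses on non-VPC routers may now add those services' firewall rules for the public device; if that is not intended, keep them behind a guest-only check. Indentation is lost on this page and the CsIP method continues outside the hunks, so both points need confirming against the file.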


@ -55,19 +55,19 @@ class CsConfig(object):
return self.__LOG_FORMAT
def get_ingress_chain(self, device, ip):
if self.is_vpc:
if self.is_vpc():
return "ACL_INBOUND_%s" % device
else:
return "FIREWALL_" % ip
return "FIREWALL_%s" % ip
def get_egress_chain(self, device, ip):
if self.is_vpc:
if self.is_vpc():
return "ACL_OUTBOUND_%s" % device
else:
return "FW_EGRESS_RULES"
def get_egress_table(self):
if self.is_vpc:
if self.is_vpc():
return 'mangle'
else:
return ""
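Review bot: The three chain/table getters have no docstrings, yet their results decide which chain the firewall rules jump to, and each accepts arguments it only uses on one router type: `get_ingress_chain` keys the name by `device` on a VPC router and by `ip` otherwise, while the non-VPC branch of `get_egress_chain` uses neither. I would document that on each method, for example `"""Return the ingress chain: ACL_INBOUND_<device> on a VPC router, FIREWALL_<ip> otherwise."""`, and say on `get_egress_table` that the empty string is the non-VPC result and what callers are expected to do with it. A caller that passes the wrong device or address would otherwise get a chain name that looks valid but that no rule set creates, which is hard to spot from the call site.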