From 9ad5139fdaf0889fe5c7a4fe50fed35dc445c6bc Mon Sep 17 00:00:00 2001 From: Edison Su Date: Thu, 3 Mar 2011 13:44:33 -0500 Subject: [PATCH] fix delete security group rule
---
 scripts/vm/network/security_group.py | 9 ++++----- .../cloud/network/security/SecurityGroupManagerImpl.java | 6 ++++-- 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index 4ecad0b2f78..609b9357bf8 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -405,14 +405,13 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules, vif
 logging.debug("Rules already programmed for vm " + vm_name)
 return 'true'
- if changes[0] or changes[2]:
+ if changes[0] or changes[1] or changes[2] or changes[3]:
 default_network_rules(vmName, vm_id, vm_ip, vmMac, vif, brname)
 if rules == "" or rules == None:
- write_rule_log_for_vm(vmName, vm_id, vm_ip, domId, signature, seqno)
- return 'true'
-
- lines = rules.split(';')[:-1]
+ lines = []
+ else:
+ lines = rules.split(';')[:-1]
 logging.debug(" programming network rules for IP: " + vm_ip + " vmname=" + vm_name)
 execute("iptables -F " + vmchain)
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
index 96685bc4375..b30f0c7035a 100644
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@@ -88,6 +88,7 @@ import com.cloud.utils.db.Transaction;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.fsm.StateListener;
 import com.cloud.utils.net.NetUtils;
+import com.cloud.vm.Nic;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.NicVO;
 import com.cloud.vm.UserVmManager;
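Review bot: In the add_network_rules hunk of security_group.py, the empty-rules branch now relies on falling through to `iptables -F` to remove previously programmed allow rules, but nothing in the code says so. A comment above `lines = []` such as `# empty rule set: still flush the VM chain so deleted rules stop matching` would keep a later refactor from restoring the early return and leaving stale allow rules active. The test itself is more idiomatic as `if not rules:` than `rules == "" or rules == None`, and the four-way `changes[...]` condition would benefit from a comment naming what each index stands for. The removed branch also called write_rule_log_for_vm; the function continues past the hunk, so it is worth confirming the log is still written on this path.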
@@ -285,8 +286,9 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
 if (rule.getAllowedNetworkId() != null){
 List allowedInstances = _securityGroupVMMapDao.listBySecurityGroup(rule.getAllowedNetworkId(), State.Running);
 for (SecurityGroupVMMapVO ngmapVO: allowedInstances){
- String cidr = ngmapVO.getGuestIpAddress();
- if (cidr != null) {
+ Nic defaultNic = _networkMgr.getDefaultNic(ngmapVO.getInstanceId());
+ if (defaultNic != null) {
+ String cidr = defaultNic.getIp4Address();
 cidr = cidr + "/32";
 cidrs.add(cidr);
 }
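Review bot: The null check now guards the Nic rather than the address, so if `getIp4Address()` returns null for a default NIC (for example one with no address assigned yet; not confirmable from this hunk), the concatenation adds the literal string `null/32` to `cidrs` and that value is passed on as an allowed source. The old code skipped instances without an address; keeping that guard would look like `String ip = defaultNic.getIp4Address();` followed by `if (ip != null) { cidrs.add(ip + "/32"); }`. The enclosing method starts and ends outside the hunk, so how `cidrs` is consumed afterwards is not visible here.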