diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py index bdcfec9ade8..82244e43c6b 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@ -140,7 +140,7 @@ class CsAcl(CsDataBag): " -s %s " % cidr + " -p %s " % rule['protocol'] + " -m %s " % rule['protocol'] + - " %s -j RETURN" % rnge]) + " %s -j %s" % (rnge, self.rule['action'])]) logging.debug("Current ACL IP direction is ==> %s", self.direction) if self.direction == 'egress': diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py index a16fd071613..4eac3483a97 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py @@ -380,7 +380,7 @@ class CsIP: self.fw.append(["mangle", "", "-A FIREWALL_%s DROP" % self.address['public_ip']]) self.fw.append(["mangle", "", - "-A VPN_%s -m state --state RELATED,ESTABLISHED -j ACCEPT" % self.address['public_ip']]) + "-I VPN_%s -m state --state RELATED,ESTABLISHED -j ACCEPT" % self.address['public_ip']]) self.fw.append(["mangle", "", "-A VPN_%s -j RETURN" % self.address['public_ip']]) self.fw.append(["nat", "", diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py index 927c2ae0d74..56096c86466 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py @@ -63,7 +63,7 @@ class CsRoute: table = self.get_tablename(dev) logging.info("Adding route: dev " + dev + " table: " + table + " network: " + address + " if not present") - cmd = "dev %s table %s %s" % (dev, table, address) + cmd = "dev %s table %s throw %s proto static" % (dev, table, address) self.set_route(cmd) def set_route(self, cmd, method="add"):