From c5f8712b4b42e7b43f4d64a178911921e52b129e Mon Sep 17 00:00:00 2001
From: anthony
Date: Wed, 11 Jul 2012 14:02:46 -0700
Subject: [PATCH] VPC : CS-11503, deleting staticnat works even ip is not there. this can fix the issue for VPC, but Cloudstack should not send out ipdeassociate before applying ruls on this ip
---
 .../debian/config/opt/cloud/bin/vpc_func.sh | 14 ++++++++++++++
 .../debian/config/opt/cloud/bin/vpc_staticnat.sh | 8 +++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_func.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_func.sh
index 79bebf7df03..6d20ecaa89a 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_func.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_func.sh
@@ -43,3 +43,17 @@ getVPCcidr () {
 done
 return 1
 }
+
+removeRulesForIp() {
+ local ip=$1
+ iptables-save -t mangle | grep $ip | grep "\-A" | while read rule
+ do
+ rule=$(echo $rule | sed 's/\-A/\-D/')
+ sudo iptables -t mangle $rule
+ done
+ iptables-save -t filter | grep $ip | grep "\-A" | while read rule
+ do
+ rule=$(echo $rule | sed 's/\-A/\-D/')
+ sudo iptables -t filter $rule
+ done
+}
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh
index cb825b17e3b..15ecc6c896c 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_staticnat.sh
@@ -92,7 +92,13 @@ ethDev=$(getEthByIp $publicIp)
 result=$?
 if [ $result -gt 0 ]
 then
- unlock_exit $result $lock $locked
+ if [ "$op" == "-D" ]
+ then
+ removeRulesForIp $publicIp
+ unlock_exit 0 $lock $locked
+ else
+ unlock_exit $result $lock $locked
+ fi
 fi
 OUTFILE=$(mktemp)
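Review bot: In `removeRulesForIp` (vpc_func.sh), `grep $ip` treats the address as an unanchored regular expression, so deleting rules for 10.1.1.1 (constructed example) also selects rules for 10.1.1.10 or 110.1.1.1, and the loop then removes mangle and filter rules that belong to other addresses. Match the literal address on word boundaries and only on rule lines: `iptables-save -t mangle | grep -F -w -- "$ip" | grep '^-A' | while read -r rule`, and the same for the filter loop. Once `$ip` is quoted an empty argument would match every line, so the function should start with `[ -n "$ip" ] || return 1`. The function covers only the mangle and filter tables; if the static NAT rules for the address sit in the nat table (not visible in this patch), they are left behind on this path.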
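Review bot: The new `-D` branch in vpc_staticnat.sh reports success with `unlock_exit 0` for every non-zero status from `getEthByIp`, whether or not `removeRulesForIp` removed anything, so a failed cleanup is reported to the caller as a completed delete while rules for the address may still be loaded. Carry the helper's status through, for example `removeRulesForIp "$publicIp"; unlock_exit $? $lock $locked`, and have the helper return non-zero when an `iptables -D` call fails. `[ "$op" == "-D" ]` relies on a bash extension to `[`; `=` is the portable operator if the script can ever run under a POSIX sh (the shebang is outside this hunk). `getEthByIp` and `unlock_exit` are defined outside the hunk, so which lookup failures this branch now turns into success cannot be checked from here.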