From e49a59de8c2ed4757ed0d14fb64e3ef1eabc14ee Mon Sep 17 00:00:00 2001
From: Frank
Date: Thu, 3 Feb 2011 11:38:57 -0800
Subject: [PATCH] bug 8314 - Iptables is being appended with same set of rules again and again on each re-installation of the management server: master branch status 8314: resolved fixed
---
 client/bindir/cloud-setup-management.in | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/client/bindir/cloud-setup-management.in b/client/bindir/cloud-setup-management.in
index 616e39c893a..451fbd1c024 100755
--- a/client/bindir/cloud-setup-management.in
+++ b/client/bindir/cloud-setup-management.in
@@ -134,6 +134,7 @@ chkconfig = Command("chkconfig")
 updatercd = Command("update-rc.d")
 ufw = Command("ufw")
 iptables = Command("iptables")
+iptables_save = Command("iptables-save")
 augtool = Command("augtool")
 kvmok = Command("kvm-ok")
 ifconfig = Command("ifconfig")
@@ -234,7 +235,13 @@ if Fedora or CentOS:
 if ":on" in o.stdout and os.path.exists("/etc/sysconfig/iptables"):
 stderr("Setting up firewall rules to permit traffic to CloudStack services")
 service.iptables.start() ; print o.stdout + o.stderr
- for p in ports: iptables("-I","INPUT","1","-p","tcp","--dport",p,"-j","ACCEPT")
+ o = iptables_save()
+ for p in ports:
+ r = "INPUT -p tcp -m tcp --dport %s -j ACCEPT" % p
+ if r in o.stdout:
+ continue
+ iptables("-I","INPUT","1","-p","tcp","--dport",p,"-j","ACCEPT")
+ o = service.iptables.save() ; print o.stdout + o.stderr
 else: stderr("No need to set up iptables as the service is unconfigured or not set to start up at boot")
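Review bot: In the second hunk the duplicate check `if r in o.stdout` is a plain substring test over the whole `iptables-save` dump, so it can be satisfied by a rule other than the one being installed. `iptables-save` prints every table, and an `INPUT` line in another table, or a user-defined chain whose name merely ends in `INPUT`, would match, and the filter-table ACCEPT for that port would then be skipped without any message. Narrowing both sides closes that gap: `o = iptables_save("-t","filter")` and `r = "-A INPUT -p tcp -m tcp --dport %s -j ACCEPT" % p`. The test also depends on the exact text `iptables-save` emits (the implicit `-m tcp`), which deserves a comment such as `# must match iptables-save output format exactly`; where the installed iptables supports it, `iptables -C` would query the live ruleset instead of parsing text. The `if Fedora or CentOS:` block begins and continues outside this hunk, so how `Command` reports a failed `iptables-save` is not visible here.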