fix delete security group rule

scripts/vm/network/security_group.py

@@ -405,14 +405,13 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules, vif
         logging.debug("Rules already programmed for vm " + vm_name)
         return 'true'
     
-    if changes[0] or changes[2]:
+    if changes[0] or changes[1] or changes[2] or changes[3]:
         default_network_rules(vmName, vm_id, vm_ip, vmMac, vif, brname)
 
     if rules == "" or rules == None:
-        write_rule_log_for_vm(vmName, vm_id, vm_ip, domId, signature, seqno)
-        return 'true'
-
-    lines = rules.split(';')[:-1]
+        lines = []
+    else:
+        lines = rules.split(';')[:-1]
 
     logging.debug("    programming network rules for  IP: " + vm_ip + " vmname=" + vm_name)
     execute("iptables -F " + vmchain)

server/src/com/cloud/network/security/SecurityGroupManagerImpl.java

@@ -88,6 +88,7 @@ import com.cloud.utils.db.Transaction;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.fsm.StateListener;
 import com.cloud.utils.net.NetUtils;
+import com.cloud.vm.Nic;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.NicVO;
 import com.cloud.vm.UserVmManager;
@@ -285,8 +286,9 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
 				if (rule.getAllowedNetworkId() != null){
 					List<SecurityGroupVMMapVO> allowedInstances = _securityGroupVMMapDao.listBySecurityGroup(rule.getAllowedNetworkId(), State.Running);
 					for (SecurityGroupVMMapVO ngmapVO: allowedInstances){
-						String cidr = ngmapVO.getGuestIpAddress();
-						if (cidr != null) {
+						Nic defaultNic = _networkMgr.getDefaultNic(ngmapVO.getInstanceId());
+						if (defaultNic != null) {
+						    String cidr = defaultNic.getIp4Address();
 							cidr = cidr + "/32";
 							cidrs.add(cidr);
 						}