This is an automated email from the ASF dual-hosted git repository. rohit pushed a commit to branch 4.14 in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit 709ebf606238f7246f7aa95afdae2be1bdf4ea87 Merge: f893c5c 6e7516c Author: Rohit Yadav <[email protected]> AuthorDate: Thu Mar 4 15:00:51 2021 +0530 Merge remote-tracking branch 'origin/4.13' into 4.14 scripts/vm/network/security_group.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --cc scripts/vm/network/security_group.py
index 680177e,21f6f7e..0783e4a
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@@ -145,47 -147,9 +145,47 @@@ def split_ips_by_family(ips)
ip6s.append(ip)
return ip4s, ip6s
+def destroy_network_rules_for_nic(vm_name, vm_ip, vm_mac, vif, sec_ips):
+ try:
+ rules = execute("""iptables-save -t filter | awk '/ %s / { sub(/-A/, "-D", $1) ; print }'""" % vif ).split("\n")
+ for rule in filter(None, rules):
+ try:
+ execute("iptables " + rule)
+ except:
+ logging.debug("Ignoring failure to delete rule: " + rule)
+ except:
+ pass
+
+ try:
+ dnats = execute("""iptables-save -t nat | awk '/ %s / { sub(/-A/, "-D", $1) ; print }'""" % vif ).split("\n")
+ for dnat in filter(None, dnats):
+ try:
+ execute("iptables -t nat " + dnat)
+ except:
+ logging.debug("Ignoring failure to delete dnat: " + dnat)
+ except:
+ pass
+
+ ips = sec_ips.split(';')
+ ips.pop()
+ ips.append(vm_ip)
+ add_to_ipset(vm_name, ips, "-D")
+ ebtables_rules_vmip(vm_name, vm_mac, ips, "-D")
+
+ vmchain_in = vm_name + "-in"
+ vmchain_out = vm_name + "-out"
+ vmchain_in_src = vm_name + "-in-src"
+ vmchain_out_dst = vm_name + "-out-dst"
+ try:
+ execute("ebtables -t nat -D " + vmchain_in_src + " -s " + vm_mac + " -j RETURN")
+ execute("ebtables -t nat -D " + vmchain_out_dst + " -p ARP --arp-op Reply --arp-mac-dst " + vm_mac + " -j RETURN")
+ execute("ebtables -t nat -D PREROUTING -i " + vif + " -j " + vmchain_in)
+ execute("ebtables -t nat -D POSTROUTING -o " + vif + " -j " + vmchain_out)
+ except:
+ logging.debug("Ignoring failure to delete ebtable rules for vm: " + vm_name)
def get_bridge_physdev(brname):
- physdev = execute("bridge -o 
link show | awk '/master %s / && !/^[0-9]+: vnet/ {print $2}' | head -1" % brname)
+ physdev = execute("bridge -o link show | awk '/master %s / && !/^[0-9]+: vnet/ {print $2}' | head -1 | cut -d ':' -f1" % brname)
return physdev.strip()
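Review bot: In `destroy_network_rules_for_nic`, `vif`, `vm_mac` and `vm_name` are pasted unvalidated into command strings (`... | awk '/ %s / ...' % vif`, `"ebtables -t nat -D PREROUTING -i " + vif`), and `brname` is handled the same way in `get_bridge_physdev`. `execute` is defined outside this hunk, but the pipes in these strings suggest it runs through a shell, so a value carrying a quote or `;` would be interpreted rather than matched, and inside the awk pattern `vif` is additionally read as a regex. I would check the arguments before any command is built, e.g. `if not re.match(r'^[A-Za-z0-9_.-]+$', vif): raise ValueError("invalid vif name")` (assuming `re` is available in this file), with an equivalent check for the MAC and bridge name. Separately, the two outer `except: pass` blocks hide a failed `iptables-save`, so stale filter or NAT rules for a removed NIC would go unnoticed; `except Exception:` with a `logging.debug(...)` line like the inner handlers keeps the best-effort behaviour while leaving a trace.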
