Utterley stupid
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5c70be11 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5c70be11 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5c70be11 Branch: refs/heads/feature/systemvm-persistent-config Commit: 5c70be115dd3a992ea44b74a0d29261fb6839cf8 Parents: 6136569 Author: Ian Southam <[email protected]> Authored: Tue Feb 10 14:05:13 2015 +0100 Committer: wilderrodrigues <[email protected]> Committed: Mon Feb 16 16:08:46 2015 +0100 ---------------------------------------------------------------------- systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py | 1 + 1 file changed, 1 insertion(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5c70be11/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py ---------------------------------------------------------------------- diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py index 0bf98df..cd2d9f1 100644 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py @@ -370,6 +370,7 @@ class CsIP: "-m state --state RELATED,ESTABLISHED " + "-j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff"]) if self.get_type() in ["guest"]: + self.fw.append(["filter", "", "-A FORWARD -d %s -o %s -j ACL_INBOUND_%s" % (self.address['network'], self.dev, self.dev)]) self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 67 -j ACCEPT" % self.dev]) self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 53 -j ACCEPT" % self.dev]) self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 53 -j ACCEPT" % self.dev])
