Merge pull request #1482 from remibergsma/iptables-fix

Restore iptables at once using iptables-restore instead of calling iptables numerous times

This makes handling the firewall rules about 50-60 times faster because it is generated in memory and then loaded once. It's work by @borisroman, see PR #1400. Reopened it here because I think this is a great improvement.

* pr/1482:
  Resolve conflict as forceencap is already in master
  Split the cidr lists so we won't hit the iptables-restore limits
  Check the existence of 'forceencap' parameter before use
  Do not load previous firewall rules as we replace everything anyway
  Wait for dnsmasq to finish restart
  Remove duplicate spaces, and thus duplicate rules.
  Restore iptables at once using iptables-restore instead of calling iptables numerous times
  Add iptables conversion script.

Signed-off-by: Will Stevens <[email protected]>

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9a20ab8b
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9a20ab8b
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9a20ab8b

Branch: refs/heads/4.8
Commit: 9a20ab8bcbbd39aa012a0ec5a65e66bcc737ee0e
Parents: 7a0b37a ebb7cb6
Author: Will Stevens <[email protected]>
Authored: Wed May 18 15:50:20 2016 -0400
Committer: Will Stevens <[email protected]>
Committed: Wed May 18 15:50:20 2016 -0400

----------------------------------------------------------------------
 .../debian/config/opt/cloud/bin/configure.py | 39 ++--
 .../debian/config/opt/cloud/bin/cs/CsAddress.py | 31 ++-
 .../debian/config/opt/cloud/bin/cs/CsDhcp.py | 2 +-
 .../config/opt/cloud/bin/cs/CsLoadBalancer.py | 10 +-
 .../config/opt/cloud/bin/cs/CsNetfilter.py | 72 +++---
 .../config/opt/cloud/bin/cs_iptables_save.py | 227 +++++++++++++++++++
 6 files changed, 312 insertions(+), 69 deletions(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9a20ab8b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --cc systemvm/patches/debian/config/opt/cloud/bin/configure.py index b5f65e7,1e4469c..dc84916 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ 
b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@@ -787,11 -805,11 +792,11 @@@ class CsForwardingRules(CsDataBag) rule['public_ip'], rule['protocol'], rule['protocol'], - self.portsToString(rule['public_ports'], ':'), + public_fwports, rule['internal_ip'], - self.portsToString(rule['internal_ports'], '-') + internal_fwports ) - fw4 = "-j SNAT --to-source %s -A POSTROUTING -s %s -d %s/32 -o %s -p %s -m %s --dport %s" % \ + fw4 = "-A POSTROUTING -j SNAT --to-source %s -s %s -d %s/32 -o %s -p %s -m %s --dport %s" % \ ( self.getGuestIp(), self.getNetworkByIp(rule['internal_ip']), http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9a20ab8b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py ----------------------------------------------------------------------
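Review bot: the values interpolated into the rule strings in CsForwardingRules (rule['public_ip'], rule['protocol'], rule['internal_ip'] and the port strings) are not checked for whitespace or newlines in this hunk, and that matters more now that the rules are loaded in a single iptables-restore pass. iptables-restore reads its input line by line and commits each table as a unit, so a stray newline in one field would be read as a separate line and one malformed line can fail the load for the whole table, where previously only a single iptables call would have failed. Consider validating these fields as an IP address, a known protocol name and a numeric port or port range before formatting them. Also, fw4 now depends on "-A POSTROUTING" leading the string; a short comment stating that the chain must come first for the restore format would keep a later edit from reordering it back.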
