Split the cidr lists so we won't hit the iptables-resture limits
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/30741a33 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/30741a33 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/30741a33 Branch: refs/heads/4.8 Commit: 30741a3309da346f324a8f365cb6ef8e1aab39d8 Parents: 709be45 Author: Boris Schrijver <[email protected]> Authored: Fri Feb 5 21:11:59 2016 +0100 Committer: Boris Schrijver <[email protected]> Committed: Fri Feb 5 21:11:59 2016 +0100 ---------------------------------------------------------------------- .../debian/config/opt/cloud/bin/configure.py | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/30741a33/systemvm/patches/debian/config/opt/cloud/bin/configure.py ----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index f317b87..27e26a7 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -217,7 +217,23 @@ class CsAcl(CsDataBag):
 def process(self, direction, rule_list, base):
 count = base
- for i in rule_list:
+ rule_list_splitted = []
+ for rule in rule_list:
+ if ',' in rule['cidr']:
+ cidrs = rule['cidr'].split(',')
+ for cidr in cidrs:
+ new_rule = {
+ 'cidr': cidr,
+ 'last_port': rule['last_port'],
+ 'type': rule['type'],
+ 'first_port': rule['first_port'],
+ 'allowed': rule['allowed']
+ }
+ rule_list_splitted.append(new_rule)
+ else:
+ rule_list_splitted.append(rule)
+
+ for i in rule_list_splitted:
 r = self.AclRule(direction, self, i, self.config, count)
 r.create()
 count += 1
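Review bot: The multi-CIDR branch rebuilds each rule from five hard-coded keys, so any other field on the incoming rule is dropped only when the CIDR contains a comma, while the single-CIDR branch passes the dict through unchanged; a rule that lacks `last_port` or `first_port` would also raise KeyError on this path. Because these dicts are turned into firewall ACL rules, both paths should yield the same rule apart from the CIDR, and `new_rule = dict(rule, cidr=cidr.strip())` copies every field while overriding only `cidr`. The split also keeps surrounding whitespace and empty entries (a trailing comma yields `''`), so a guard such as `if not cidr.strip(): continue` belongs before the rule is built; how AclRule handles an empty CIDR is not visible in this hunk. The end of process() may lie outside the hunk.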
