bhaisaab pushed a commit to branch 4.9
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.9 by this push:
new aa8a721 CLOUDSTACK-9838: Allow ingress traffic between guest VMs via
snat IPs
aa8a721 is described below
commit aa8a721c393347b2624184d6ed04e1ede7ed38a6
Author: Rohit Yadav <[email protected]>
AuthorDate: Fri Apr 7 17:14:18 2017 +0530
CLOUDSTACK-9838: Allow ingress traffic between guest VMs via snat IPs
This changes the firewall/mangle table rules to ACCEPT instead of RETURN, which
is the same behaviour as observed in ACS 4.5. By accepting the traffic, guest
VMs will be able to exchange TCP traffic with each other over snat public IPs.
Signed-off-by: Rohit Yadav <[email protected]>
---
systemvm/patches/debian/config/opt/cloud/bin/configure.py | 2 +-
systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py | 2 +-
systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index bdcfec9..82244e4 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -140,7 +140,7 @@ class CsAcl(CsDataBag):
" -s %s " % cidr +
" -p %s " % rule['protocol'] +
" -m %s " % rule['protocol'] +
- " %s -j RETURN" % rnge])
+ " %s -j %s" % (rnge,
self.rule['action'])])
logging.debug("Current ACL IP direction is ==> %s", self.direction)
if self.direction == 'egress':
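Review bot: The iptables target is now read from `self.rule['action']` and formatted straight into the rule string, with no check that the key exists or that its value is one of the targets this chain is meant to use. The commit message describes a switch from RETURN to ACCEPT, but the new line emits whatever the rule data carries, so a missing key raises KeyError and an unexpected value becomes part of the mangle rule. Consider normalising before the append, e.g. `action = self.rule.get('action', 'RETURN')`, followed by a membership test against an explicit set of permitted targets that logs and rejects anything else. The neighbouring lines read `rule['protocol']` while this one reads `self.rule[...]`; if both name the same dict (the assignment is outside the hunk), use one spelling.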
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
index a16fd07..4eac348 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
@@ -380,7 +380,7 @@ class CsIP:
self.fw.append(["mangle", "",
"-A FIREWALL_%s DROP" % self.address['public_ip']])
self.fw.append(["mangle", "",
- "-A VPN_%s -m state --state RELATED,ESTABLISHED -j
ACCEPT" % self.address['public_ip']])
+ "-I VPN_%s -m state --state RELATED,ESTABLISHED -j
ACCEPT" % self.address['public_ip']])
self.fw.append(["mangle", "",
"-A VPN_%s -j RETURN" % self.address['public_ip']])
self.fw.append(["nat", "",
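Review bot: Switching this rule from `-A` to `-I` puts the RELATED,ESTABLISHED ACCEPT at the head of the `VPN_<public_ip>` chain regardless of where it sits in `self.fw`, and nothing in the hunk or the commit message says why; add a comment such as `# -I: conntrack ACCEPT must precede every other VPN_<ip> rule`. Because an inserted rule is matched before anything already in the chain, a restrictive rule added to that chain elsewhere will never see established flows, so please confirm that is intended. It is also worth checking that the code which applies `self.fw` (not visible here) recognises an existing `-I` rule on a re-run, otherwise repeated configuration passes could stack duplicate entries. The method containing this hunk starts and ends outside it.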
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py
b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py
index 927c2ae..56096c8 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py
@@ -63,7 +63,7 @@ class CsRoute:
table = self.get_tablename(dev)
logging.info("Adding route: dev " + dev + " table: " +
table + " network: " + address + " if not present")
- cmd = "dev %s table %s %s" % (dev, table, address)
+ cmd = "dev %s table %s throw %s proto static" % (dev, table, address)
self.set_route(cmd)
def set_route(self, cmd, method="add"):
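Review bot: The route written here is now a `throw` entry, yet the `logging.info` call above still reports "Adding route: dev ... network ..." and neither the code nor the commit message explains the change. A throw route ends the lookup in `table` for `address` and leaves the decision to the next policy rule, which is a different forwarding path from the device route it replaces. Please document it, e.g. `# throw: leave <address> to the next routing rule instead of this table`, and mention `throw` in the log text. `set_route` is visible only by its signature; if it detects existing routes by matching `cmd` against the routing table listing, confirm the new string still matches so the route is not re-added on every run.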
--