The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4175

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Stéphane Graber <[email protected]>
From 4a064e2f70595a30aef9bf1407aba34ad7792884 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <[email protected]>
Date: Tue, 16 Jan 2018 15:15:37 +0200
Subject: [PATCH] networks: Drop all firewall rules when disabled
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <[email protected]>
---
 lxd/networks.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lxd/networks.go b/lxd/networks.go
index fb7659955..9bab7a1fe 100644
--- a/lxd/networks.go
+++ b/lxd/networks.go
@@ -726,7 +726,7 @@ func (n *network) Start() error {
 
        // Configure IPv4 firewall (includes fan)
        if n.config["bridge.mode"] == "fan" || 
!shared.StringInSlice(n.config["ipv4.address"], []string{"", "none"}) {
-               if n.config["ipv4.dhcp"] == "" || 
shared.IsTrue(n.config["ipv4.dhcp"]) {
+               if (n.config["ipv4.dhcp"] == "" || 
shared.IsTrue(n.config["ipv4.dhcp"])) && (n.config["ipv4.firewall"] == "" || 
shared.IsTrue(n.config["ipv4.firewall"])) {
                        // Setup basic iptables overrides for DHCP/DNS
                        rules := [][]string{
                                {"ipv4", n.name, "", "INPUT", "-i", n.name, 
"-p", "udp", "--dport", "67", "-j", "ACCEPT"},
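Review bot: The new condition in `Start()` folds two independent settings into one `if`, but the comment beneath it still reads only "Setup basic iptables overrides for DHCP/DNS". Nothing at this site tells a reader that the ACCEPT rules are now skipped when `ipv4.firewall` is false. A comment such as `// Skipped when ipv4.firewall is disabled; the admin must then allow DHCP/DNS on the bridge themselves` would record that, since on a host whose INPUT policy is restrictive these rules are presumably what lets bridge clients reach dnsmasq. The "unset or true" test is now spelled out four times across this hunk and the ipv6 hunk below, so a small helper for default-true keys would keep them from drifting apart. The body of this `if` continues outside the hunk.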
@@ -890,7 +890,7 @@ func (n *network) Start() error {
 
                // Update the dnsmasq config
                dnsmasqCmd = append(dnsmasqCmd, 
[]string{fmt.Sprintf("--listen-address=%s", ip.String()), "--enable-ra"}...)
-               if n.config["ipv6.dhcp"] == "" || 
shared.IsTrue(n.config["ipv6.dhcp"]) {
+               if (n.config["ipv6.dhcp"] == "" || 
shared.IsTrue(n.config["ipv6.dhcp"])) && (n.config["ipv6.firewall"] == "" || 
shared.IsTrue(n.config["ipv6.firewall"])) {
                        // Setup basic iptables overrides for DHCP/DNS
                        rules := [][]string{
                                {"ipv6", n.name, "", "INPUT", "-i", n.name, 
"-p", "udp", "--dport", "546", "-j", "ACCEPT"},
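Review bot: Adding the `ipv6.firewall` test to the existing `ipv6.dhcp` condition gates the whole `if` body on the firewall setting, not just the iptables rules. The body runs past the end of the hunk, so this cannot be confirmed from here, but it sits directly under "Update the dnsmasq config". If it also appends dnsmasq DHCP options, or has an `else` branch, then setting `ipv6.firewall=false` would silently change DHCPv6 behaviour as well as dropping the rules. Keeping the outer `if` on `ipv6.dhcp` alone and wrapping only the `rules := ...` block in `if n.config["ipv6.firewall"] == "" || shared.IsTrue(n.config["ipv6.firewall"]) {` would limit the change to what the commit title describes. The same check is worth making for the ipv4 hunk above.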