Return-Path: 
 <cloudstack-commits-return-2565-apmail-incubator-cloudstack-commits-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-cloudstack-commits-archive@minotaur.apache.org
Delivered-To: apmail-incubator-cloudstack-commits-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 06014D921
	for <apmail-incubator-cloudstack-commits-archive@minotaur.apache.org>;
 Wed, 15 Aug 2012 20:13:02 +0000 (UTC)
Received: (qmail 58906 invoked by uid 500); 15 Aug 2012 20:13:01 -0000
Delivered-To: apmail-incubator-cloudstack-commits-archive@incubator.apache.org
Received: (qmail 58883 invoked by uid 500); 15 Aug 2012 20:13:01 -0000
Mailing-List: contact cloudstack-commits-help@incubator.apache.org;
 run by ezmlm
Precedence: bulk
List-Help: <mailto:cloudstack-commits-help@incubator.apache.org>
List-Unsubscribe: <mailto:cloudstack-commits-unsubscribe@incubator.apache.org>
List-Post: <mailto:cloudstack-commits@incubator.apache.org>
List-Id: <cloudstack-commits.incubator.apache.org>
Reply-To: cloudstack-dev@incubator.apache.org
Delivered-To: mailing list cloudstack-commits@incubator.apache.org
Received: (qmail 58875 invoked by uid 99); 15 Aug 2012 20:13:01 -0000
Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org)
 (140.211.11.114)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Aug 2012 20:13:01 +0000
Received: by tyr.zones.apache.org (Postfix, from userid 65534)
	id 90AD41D6D6; Wed, 15 Aug 2012 20:13:01 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: anthonyxu@apache.org
To: cloudstack-commits@incubator.apache.org
X-Mailer: ASF-Git Admin Mailer
Subject: git commit: in basic zone,  allow dhcp traffic by default
Message-Id: <20120815201301.90AD41D6D6@tyr.zones.apache.org>
Date: Wed, 15 Aug 2012 20:13:01 +0000 (UTC)

Updated Branches:
  refs/heads/master a3faff94f -> 2ea876dfd


in basic zone,  allow dhcp traffic by default


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/2ea876df
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/2ea876df
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/2ea876df

Branch: refs/heads/master
Commit: 2ea876dfd3c1b2d5097fd8f3a95aeceb10ec4681
Parents: a3faff9
Author: anthony <anthony@cloud.com>
Authored: Wed Aug 15 13:11:58 2012 -0700
Committer: anthony <anthony@cloud.com>
Committed: Wed Aug 15 13:11:58 2012 -0700

----------------------------------------------------------------------
 scripts/vm/hypervisor/xenserver/vmops |   13 +++----------
 1 files changed, 3 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/2ea876df/scripts/vm/hypervisor/xenserver/vmops
----------------------------------------------------------------------
diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops
index 373a611..ed7e7ca 100755
--- a/scripts/vm/hypervisor/xenserver/vmops
+++ b/scripts/vm/hypervisor/xenserver/vmops
@@ -751,7 +751,7 @@ def default_network_rules_systemvm(session, args):
     for vif in vifs:
         try:
             util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', vif, '-j', vmchain])
-            util.pread2(['iptables', '-I', 'BRIDGE-FIREWALL', '2', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', vif, '-j', vmchain])
+            util.pread2(['iptables', '-I', 'BRIDGE-FIREWALL', '4', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', vif, '-j', vmchain])
             util.pread2(['iptables', '-I', vmchain, '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', vif, '-j', 'RETURN'])
         except:
             util.SMlog("Failed to program default rules")
@@ -823,12 +823,7 @@ def default_network_rules(session, args):
     try:
         for v in vifs:
             util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', v, '-j', vmchain_default])
-            util.pread2(['iptables', '-I', 'BRIDGE-FIREWALL', '2', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-j', vmchain_default])
-        util.pread2(['iptables', '-A', vmchain_default, '-m', 'state', '--state', 'RELATED,ESTABLISHED', '-j', 'ACCEPT'])
-        #allow dhcp
-        for v in vifs:
-            util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-p', 'udp', '--dport', '67', '--sport', '68',  '-j', 'ACCEPT'])
-            util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', v, '-p', 'udp', '--dport', '68', '--sport', '67',  '-j', 'ACCEPT'])
+            util.pread2(['iptables', '-I', 'BRIDGE-FIREWALL', '4', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-j', vmchain_default])
 
         #don't let vm spoof its ip address
         for v in vifs:
@@ -836,8 +831,6 @@ def default_network_rules(session, args):
             util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '--source', '!', vm_ip, '-j', 'DROP'])
             util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', v, '--destination', '!', vm_ip, '-j', 'DROP'])
             util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '--source', vm_ip, '-j', vmchain_egress])
-        
-        for v in vifs:
             util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', v,  '-j', vmchain])
     except:
         util.SMlog("Failed to program default rules for vm " + vm_name)
@@ -934,7 +927,7 @@ def network_rules_for_rebooted_vm(session, vmName):
 
     for v in vifs:
         util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', v, '-j', vmchain_default])
-        util.pread2(['iptables', '-I', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-j', vmchain_default])
+        util.pread2(['iptables', '-I', 'BRIDGE-FIREWALL', '4', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-j', vmchain_default])
 
     #change antispoof rule in vmchain
     try: