cloudstack-commits mailing list archives

From r...@apache.org
Subject [3/6] git commit: updated refs/heads/master to 05a29f0
Date Fri, 14 Aug 2015 11:06:44 GMT
tighten security of site-to-site VPN

It was like this in 4.4 and 4.5


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9b97719c
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9b97719c
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9b97719c

Branch: refs/heads/master
Commit: 9b97719c5c7839215fa4ff4392995af28055f803
Parents: 3824583
Author: Remi Bergsma <github@remi.nl>
Authored: Fri Aug 14 09:05:59 2015 +0200
Committer: Remi Bergsma <github@remi.nl>
Committed: Fri Aug 14 09:05:59 2015 +0200

----------------------------------------------------------------------
 systemvm/patches/debian/config/opt/cloud/bin/configure.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9b97719c/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index 154f0c9..9f7ffb7 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -425,9 +425,9 @@ class CsSite2SiteVpn(CsDataBag):
         CsHelper.execute("ipsec auto --rereadall")
 
     def configure_iptables(self, dev, obj):
-        self.fw.append(["", "front", "-A INPUT -i %s -p udp -m udp --dport 500 -j ACCEPT"
% dev])
-        self.fw.append(["", "front", "-A INPUT -i %s -p udp -m udp --dport 4500 -j ACCEPT"
% dev])
-        self.fw.append(["", "front", "-A INPUT -i %s -p esp -j ACCEPT" % dev])
+        self.fw.append(["", "front", "-A INPUT -i %s -p udp -m udp --dport 500 -s %s -d %s
-j ACCEPT" % (dev, obj['peer_gateway_ip'], obj['local_public_ip'])])
+        self.fw.append(["", "front", "-A INPUT -i %s -p udp -m udp --dport 4500 -s %s -d
%s -j ACCEPT" % (dev, obj['peer_gateway_ip'], obj['local_public_ip'])])
+        self.fw.append(["", "front", "-A INPUT -i %s -p esp -s %s -d %s -j ACCEPT" % (dev,
obj['peer_gateway_ip'], obj['local_public_ip'])])
         self.fw.append(["nat", "front", "-A POSTROUTING -t nat -o %s -m mark --mark 0x525
-j ACCEPT" % dev])
         for net in obj['peer_guest_cidr_list'].lstrip().rstrip().split(','):
             self.fw.append(["mangle", "front",
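Review bot: The new `-s`/`-d` matches on the three INPUT rules format `obj['peer_gateway_ip']` and `obj['local_public_ip']` straight into the iptables rule text, with no check that each value is a single IP address. The `peer_guest_cidr_list` loop just below trims whitespace from its value, which suggests data-bag fields can arrive padded; an empty value here could yield a rule that fails to load, and a value carrying extra tokens would change what the rule matches. I would normalise once at the top of `configure_iptables`, e.g. `peer = obj['peer_gateway_ip'].strip()` and `local = obj['local_public_ip'].strip()`, reject anything that does not parse as an address, and reuse `peer`/`local` in all three rules instead of repeating the tuple. How the `self.fw` entries are later applied is not visible here, and the function body continues past the end of the hunk.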

