cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sw...@apache.org
Subject [12/15] git commit: updated refs/heads/4.8 to 8f330b0
Date Wed, 18 May 2016 19:55:19 GMT
Merge pull request #1482 from remibergsma/iptables-fix

Restore iptables at once using iptables-restore instead of calling iptables numerous timesThis
makes handling the firewall rules about 50-60 times faster because it is generated in memory
and then loaded once. It's work by @borisroman see PR #1400. Reopened it here because I think
this is a great improvement.

* pr/1482:
  Resolve conflict as forceencap is already in master
  Split the cidr lists so we won't hit the iptables-resture limits
  Check the existence of 'forceencap' parameter before use
  Do not load previous firewall rules as we replace everyhing anyway
  Wait for dnsmasq to finish restart
  Remove duplicate spaces, and thus duplicate rules.
  Restore iptables at once using iptables-restore instead of calling iptables numerous times
  Add iptables copnversion script.

Signed-off-by: Will Stevens <williamstevens@gmail.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9a20ab8b
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9a20ab8b
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9a20ab8b

Branch: refs/heads/4.8
Commit: 9a20ab8bcbbd39aa012a0ec5a65e66bcc737ee0e
Parents: 7a0b37a ebb7cb6
Author: Will Stevens <williamstevens@gmail.com>
Authored: Wed May 18 15:50:20 2016 -0400
Committer: Will Stevens <williamstevens@gmail.com>
Committed: Wed May 18 15:50:20 2016 -0400

----------------------------------------------------------------------
 .../debian/config/opt/cloud/bin/configure.py    |  39 ++--
 .../debian/config/opt/cloud/bin/cs/CsAddress.py |  31 ++-
 .../debian/config/opt/cloud/bin/cs/CsDhcp.py    |   2 +-
 .../config/opt/cloud/bin/cs/CsLoadBalancer.py   |  10 +-
 .../config/opt/cloud/bin/cs/CsNetfilter.py      |  72 +++---
 .../config/opt/cloud/bin/cs_iptables_save.py    | 227 +++++++++++++++++++
 6 files changed, 312 insertions(+), 69 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9a20ab8b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --cc systemvm/patches/debian/config/opt/cloud/bin/configure.py
index b5f65e7,1e4469c..dc84916
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@@ -787,11 -805,11 +792,11 @@@ class CsForwardingRules(CsDataBag)
                  rule['public_ip'],
                  rule['protocol'],
                  rule['protocol'],
 -                self.portsToString(rule['public_ports'], ':'),
 +                public_fwports,
                  rule['internal_ip'],
 -                self.portsToString(rule['internal_ports'], '-')
 +                internal_fwports
                )
-         fw4 = "-j SNAT --to-source %s -A POSTROUTING -s %s -d %s/32 -o %s -p %s -m %s --dport
%s" % \
+         fw4 = "-A POSTROUTING -j SNAT --to-source %s -s %s -d %s/32 -o %s -p %s -m %s --dport
%s" % \
                (
                  self.getGuestIp(),
                  self.getNetworkByIp(rule['internal_ip']),

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9a20ab8b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
----------------------------------------------------------------------


Mime
View raw message