cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject [cloudstack] 01/01: Merge remote-tracking branch 'origin/4.9' into 4.10
Date Sat, 22 Jul 2017 09:09:08 GMT
This is an automated email from the ASF dual-hosted git repository.

bhaisaab pushed a commit to branch 4.10
in repository https://gitbox.apache.org/repos/asf/cloudstack.git

commit ffddd6db09b3fcfb04ac266e95f81c8a3f4313be
Merge: de7e241 449ff97
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
AuthorDate: Sat Jul 22 11:07:42 2017 +0200

    Merge remote-tracking branch 'origin/4.9' into 4.10

 .../cloudstack/api/response/ClusterResponse.java   |  8 +++++++-
 packaging/centos63/cloud.spec                      | 23 +++++++++++-----------
 packaging/centos7/cloud.spec                       | 18 ++++++++---------
 .../debian/config/opt/cloud/bin/configure.py       |  2 +-
 .../debian/config/opt/cloud/bin/cs/CsAddress.py    |  2 +-
 .../debian/config/opt/cloud/bin/cs/CsRoute.py      |  2 +-
 6 files changed, 29 insertions(+), 26 deletions(-)

diff --cc systemvm/patches/debian/config/opt/cloud/bin/configure.py
index 9efc07c,82244e4..f6d9530
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@@ -134,48 -126,24 +134,48 @@@ class CsAcl(CsDataBag)
              if "first_port" in self.rule.keys() and \
                 self.rule['first_port'] != self.rule['last_port']:
                      rnge = " --dport %s:%s" % (rule['first_port'], rule['last_port'])
 -            if self.direction == 'ingress':
 -                if rule['protocol'] == "icmp":
 -                    self.fw.append(["mangle", "front",
 -                                    " -A FIREWALL_%s" % self.ip +
 -                                    " -s %s " % cidr +
 -                                    " -p %s " % rule['protocol'] +
 -                                    " -m %s " % rule['protocol'] +
 -                                    " --icmp-type %s -j %s" % (icmp_type, self.rule['action'])])
 -                else:
 -                    self.fw.append(["mangle", "front",
 -                                    " -A FIREWALL_%s" % self.ip +
 -                                    " -s %s " % cidr +
 -                                    " -p %s " % rule['protocol'] +
 -                                    " -m %s " % rule['protocol'] +
 -                                    "  %s -j %s" % (rnge, self.rule['action'])])
  
              logging.debug("Current ACL IP direction is ==> %s", self.direction)
 +
 +            if self.direction == 'ingress':
 +                for cidr in self.rule['cidr']:
 +                    if rule['protocol'] == "icmp":
 +                        self.fw.append(["mangle", "front",
 +                                        " -A FIREWALL_%s" % self.ip +
 +                                        " -s %s " % cidr +
 +                                        " -p %s " % rule['protocol'] +
 +                                        " --icmp-type %s -j %s" % (icmp_type, self.rule['action'])])
 +                    else:
 +                        self.fw.append(["mangle", "front",
 +                                        " -A FIREWALL_%s" % self.ip +
 +                                        " -s %s " % cidr +
 +                                        " -p %s " % rule['protocol'] +
-                                         "  %s -j RETURN" % rnge])
++                                        "  %s -j %s" % (rnge, self.rule['action'])])
 +
 +            sflag=False
 +            dflag=False
              if self.direction == 'egress':
 +                ruleId = self.rule['id']
 +                sourceIpsetName = 'sourceCidrIpset-%d' %ruleId
 +                destIpsetName = 'destCidrIpset-%d' %ruleId
 +
 +                #create source cidr ipset
 +                srcIpset = 'ipset create '+sourceIpsetName + ' hash:net '
 +                dstIpset = 'ipset create '+destIpsetName + ' hash:net '
 +
 +                CsHelper.execute(srcIpset)
 +                CsHelper.execute(dstIpset)
 +                for cidr in self.rule['cidr']:
 +                    ipsetAddCmd = 'ipset add '+ sourceIpsetName + ' '+cidr
 +                    CsHelper.execute(ipsetAddCmd)
 +                    sflag = True
 +
 +                logging.debug("egress   rule  ####==> %s", self.rule)
 +                for cidr in self.rule['dcidr']:
 +                    ipsetAddCmd = 'ipset add '+ destIpsetName + ' '+cidr
 +                    CsHelper.execute(ipsetAddCmd)
 +                    dflag = True
 +
                  self.fw.append(["filter", "", " -A FW_OUTBOUND -j FW_EGRESS_RULES"])
  
                  fwr = " -I FW_EGRESS_RULES"
diff --cc systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
index 539c3a5,4eac348..071a7b2
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
@@@ -382,9 -378,9 +382,9 @@@ class CsIP
                              "-A FIREWALL_%s " % self.address['public_ip'] +
                              "-m state --state RELATED,ESTABLISHED -j ACCEPT"])
              self.fw.append(["mangle", "",
 -                            "-A FIREWALL_%s DROP" % self.address['public_ip']])
 +                            "-A FIREWALL_%s -j DROP" % self.address['public_ip']])
              self.fw.append(["mangle", "",
-                             "-A VPN_%s -m state --state RELATED,ESTABLISHED -j ACCEPT" %
self.address['public_ip']])
+                             "-I VPN_%s -m state --state RELATED,ESTABLISHED -j ACCEPT" %
self.address['public_ip']])
              self.fw.append(["mangle", "",
                              "-A VPN_%s -j RETURN" % self.address['public_ip']])
              self.fw.append(["nat", "",

-- 
To stop receiving notification emails like this one, please contact
"commits@cloudstack.apache.org" <commits@cloudstack.apache.org>.

Mime
View raw message