cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-8401) SG rules don't get properly cleaned up on KVM
Date Sat, 25 Apr 2015 01:14:39 GMT


ASF subversion and git services commented on CLOUDSTACK-8401:

Commit 840c0a0974966d75e60a98fbbf88bf4e9bf0c761 in cloudstack's branch refs/heads/master from
[;h=840c0a0 ]

CLOUDSTACK-8401: Fix KVM's SG script to properly cleanup old network rules

- Router VMs don't have a chain rule with -def suffix, this fixes name and
  properly removes VR vms not running on a host
- Before trying to remove dnats, filter empty/None elements from list
- destroy_ebtables_rules should check what kind of action is request to be
  performed (-A for add or -D for removed) and execute based on that
- Before executing any command, log it for debugging purposes
- Method to cleanup bridge, may be used in future

Signed-off-by: Rohit Yadav <>
(cherry picked from commit 39255121154cca214328e93093db65f968b8c9f8)
Signed-off-by: Rohit Yadav <>

> SG rules don't get properly cleaned up on KVM
> ---------------------------------------------
>                 Key: CLOUDSTACK-8401
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: KVM
>    Affects Versions: 4.5.0, 4.4.3
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>             Fix For: 4.6.0, 4.5.1
> Security groups (iptables and ebtable rules) rules don't get cleaned up properly because
the file fails to remove using correct chain name.

This message was sent by Atlassian JIRA

View raw message