incubator-cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anthon...@apache.org
Subject [2/2] git commit: CS-16409 : dhcp request doesn't have target ip, remove ip in the iptable rule
Date Wed, 03 Oct 2012 17:06:57 GMT
CS-16409 : dhcp request doesn't have target ip, remove ip in the iptable rule


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/ed094447
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/ed094447
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/ed094447

Branch: refs/heads/4.0
Commit: ed094447cd536311988589181dc9de2f93683efd
Parents: 95df352
Author: Anthony Xu <anthony@cloud.com>
Authored: Thu Sep 27 20:24:37 2012 -0700
Committer: Anthony Xu <anthony@cloud.com>
Committed: Wed Oct 3 10:04:11 2012 -0700

----------------------------------------------------------------------
 .../debian/config/opt/cloud/bin/vpc_guestnw.sh     |   22 +++++---------
 1 files changed, 8 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/ed094447/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
index 90de218..ae966ec 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
@@ -79,6 +79,11 @@ desetup_apache2() {
 
 setup_dnsmasq() {
   logger -t cloud "Setting up dnsmasq for network $ip/$mask "
+  # setup rules to allow dhcp/dns request
+  sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
+  sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
+  sudo iptables -A INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
+  sudo iptables -A INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
   # setup static 
   sed -i -e "/^[#]*dhcp-range=interface:$dev/d" /etc/dnsmasq.d/cloud.conf
   echo "dhcp-range=interface:$dev,set:interface-$dev,$ip,static" >> /etc/dnsmasq.d/cloud.conf
@@ -93,7 +98,9 @@ setup_dnsmasq() {
 
 desetup_dnsmasq() {
   logger -t cloud "Desetting up dnsmasq for network $ip/$mask "
-  
+  # remove rules to allow dhcp/dns request
+  sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
+  sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
   sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,option:router.*$/d" /etc/dnsmasq.d/cloud.conf
   sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,6.*$/d" /etc/dnsmasq.d/cloud.conf
   sed -i -e "/^[#]*dhcp-range=interface:$dev/d" /etc/dnsmasq.d/cloud.conf
@@ -121,15 +128,6 @@ create_guest_network() {
   sudo ip addr add dev $dev $ip/$mask brd +
   sudo ip link set $dev up
   sudo arping -c 3 -I $dev -A -U -s $ip $ip
-  # setup rules to allow dhcp/dns request
-  sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
-  sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
-  sudo iptables -A INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
-  sudo iptables -A INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
-  sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j ACCEPT
-  sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j ACCEPT
-  sudo iptables -A INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j ACCEPT
-  sudo iptables -A INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j ACCEPT
   # restore mark from  connection mark
   local tableName="Table_$dev"
   sudo ip route add $subnet/$mask dev $dev table $tableName proto static
@@ -146,10 +144,6 @@ destroy_guest_network() {
   logger -t cloud " $(basename $0): Create network on interface $dev,  gateway $gw, network
$ip/$mask "
 
   sudo ip addr del dev $dev $ip/$mask
-  sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
-  sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
-  sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j ACCEPT
-  sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j ACCEPT
   sudo iptables -t mangle -D PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK
--restore-mark
   sudo iptables -t nat -A POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip
   destroy_acl_chain


Mime
View raw message