Summary: Prevent deletion of wrong iptables rules Detail: A grep in security_group.py wasn't defined well enough, could potentially delete rules for VMs other than intended
BUG-ID: CLOUDSTACK-309 Bugfix-for: master Reviewed-by: Reported-by: Francois Scala Signed-off-by: John Kinsella <[email protected]> 1363222521 -0700 Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/4a556d12 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/4a556d12 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/4a556d12 Branch: refs/heads/4.1 Commit: 4a556d1280a558c8234c40ce6511794b0ad4081c Parents: beb6170 Author: John Kinsella <[email protected]> Authored: Wed Mar 13 17:54:50 2013 -0700 Committer: Chip Childers <[email protected]> Committed: Thu Mar 14 15:40:35 2013 -0400 ---------------------------------------------------------------------- scripts/vm/network/security_group.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/4a556d12/scripts/vm/network/security_group.py ---------------------------------------------------------------------- diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py index 50a1641..1bcbc3e 100755 --- a/scripts/vm/network/security_group.py +++ b/scripts/vm/network/security_group.py @@ -344,7 +344,7 @@ def post_default_network_rules(vm_name, vm_id, vm_ip, vm_mac, vif, brname, dhcpS def delete_rules_for_vm_in_bridge_firewall_chain(vmName): vm_name = vmName if vm_name.startswith('i-') or vm_name.startswith('r-'): - vm_name = '-'.join(vm_name.split('-')[:-1]) + vm_name = '-'.join(vm_name.split('-')[:-1]) + "-def" vmchain = vm_name
