Updated Branches:
  refs/heads/4.3 e5e39577c -> 59406cf22

Change security_group_agent python side in line with default
security group rules change in 4.2


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/59406cf2
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/59406cf2
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/59406cf2

Branch: refs/heads/4.3
Commit: 59406cf225c5d66124ba095f8104ad4b206bf422
Parents: e5e3957
Author: Frank.Zhang <frank.zh...@citrix.com>
Authored: Thu Oct 10 14:43:40 2013 -0700
Committer: Frank.Zhang <frank.zh...@citrix.com>
Committed: Thu Dec 5 10:51:56 2013 -0800

----------------------------------------------------------------------
 .../security_group_agent/cs_sg_agent.py                 | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/59406cf2/plugins/hypervisors/baremetal/resources/security_group_agent/security_group_agent/cs_sg_agent.py
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/baremetal/resources/security_group_agent/security_group_agent/cs_sg_agent.py b/plugins/hypervisors/baremetal/resources/security_group_agent/security_group_agent/cs_sg_agent.py
index f940264..9bd541b 100755
--- a/plugins/hypervisors/baremetal/resources/security_group_agent/security_group_agent/cs_sg_agent.py
+++ b/plugins/hypervisors/baremetal/resources/security_group_agent/security_group_agent/cs_sg_agent.py
@@ -323,6 +323,14 @@ class SGAgent(object):
     
     @staticmethod
     def start():
+
+        def create_rule_if_not_exists(rule):
+            out = sglib.ShellCmd('iptables-save')()
+            if rule in out:
+                return
+
+            sglib.ShellCmd('iptables %s' % rule)()
+
         def prepare_default_rules():
             sglib.ShellCmd('iptables --policy INPUT DROP')()
             name = 'default-chain'
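Review bot: The `rule in out` test in `create_rule_if_not_exists` is unlikely ever to match for the strings the callers pass. `iptables-save` prints rules in `-A <chain> ...` form and usually expands `-p tcp --dport 9988` to `-p tcp -m tcp --dport 9988`, while the arguments start with `-I INPUT`. Both ACCEPT rules in the next hunk would then be inserted again on every agent start, so the INPUT chain accumulates duplicates and drifts from the rule set an operator expects to audit. Asking iptables itself with `-C` avoids comparing text formats. This assumes `sglib.ShellCmd` raises on a non-zero exit, as the `try/except` around `iptables -F` in the next hunk suggests, and that the installed iptables supports `-C`; `start()` continues past this hunk.

```python
        def create_rule_if_not_exists(rule):
            # 'iptables -C' exits non-zero when no matching rule is present,
            # so the rule is inserted only in that case.
            try:
                sglib.ShellCmd('iptables %s' % rule.replace('-I', '-C', 1))()
            except Exception:
                sglib.ShellCmd('iptables %s' % rule)()
```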
@@ -330,7 +338,9 @@ class SGAgent(object):
                 sglib.ShellCmd('iptables -F %s' % name)()
             except Exception:
                 sglib.ShellCmd('iptables -N %s' % name)()
-            sglib.ShellCmd('iptables -I INPUT -p tcp --dport 9988 -j ACCEPT')()
+
+            create_rule_if_not_exists('-I INPUT -p tcp --dport 9988 -j ACCEPT')
+            create_rule_if_not_exists('-I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT')
 
 
         prepare_default_rules()
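Review bot: The ACCEPT for tcp/9988 in `prepare_default_rules` matches any source address, so with the INPUT policy set to DROP it is the one port left open to every host that can reach this machine. If the service on that port is only meant to be called by the management server, adding a source match to the rule, `-I INPUT -s <management-server-cidr> -p tcp --dport 9988 -j ACCEPT` (placeholder value), would narrow the exposure. Whether the listener authenticates its callers is not visible in this diff. A one-line comment above each of the two calls saying why the rule exists would also help later firewall audits, for example `# allow replies to connections this host opened` above the RELATED,ESTABLISHED rule.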
