[GitHub] cloudstack pull request: Restore iptables at once using iptables-r...

Sat, 09 Apr 2016 12:08:00 -0700 

GitHub user remibergsma opened a pull request:

    https://github.com/apache/cloudstack/pull/1482

    Restore iptables at once using iptables-restore instead of calling iptables 
numerous times

    This makes handling the firewall rules about 50-60 times faster because it 
is generated in memory and then loaded once. It's work by @borisroman see PR 
#1400. Reopened it here because I think this is a great improvement. 

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/remibergsma/cloudstack iptables-fix

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/1482.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1482
    
----
commit 0f75042566b7cc72666708485bdaa9337721e9fe
Author: Boris Schrijver <bschrij...@schubergphilis.com>
Date:   2016-02-01T14:57:26Z

    Add iptables copnversion script.
    
    Source: 
https://raw.githubusercontent.com/sl0/conv/master/iptables_converter.py

commit b857f79fcb14b9594840e483cfcf0e4c0fac2f6b
Author: Boris Schrijver <bschrij...@schubergphilis.com>
Date:   2016-02-01T14:58:27Z

    Restore iptables at once using iptables-restore instead of calling iptables 
numerous times

commit 69e9348900e6337a16788a54283d5c9ee3b7a221
Author: Boris Schrijver <bschrij...@schubergphilis.com>
Date:   2016-02-03T14:30:19Z

    Remove duplicate spaces, and thus duplicate rules.

commit eb9706b6558d5113000a6c10d861308fbc8cd692
Author: Boris Schrijver <bschrij...@schubergphilis.com>
Date:   2016-02-03T15:15:28Z

    Wait for dnsmasq to finish restart

commit 18d5cd285536954403cf5eec64024e5909e55d41
Author: Boris Schrijver <bschrij...@schubergphilis.com>
Date:   2016-02-05T20:04:06Z

    Do not load previous firewall rules as we replace everyhing anyway

commit 709be45cf0f32bacc54ec2384be9e54bd62a5acf
Author: Boris Schrijver <bschrij...@schubergphilis.com>
Date:   2016-02-05T20:06:53Z

    Check the existence of 'forceencap' parameter before use

commit 30741a3309da346f324a8f365cb6ef8e1aab39d8
Author: Boris Schrijver <bschrij...@schubergphilis.com>
Date:   2016-02-05T20:11:59Z

    Split the cidr lists so we won't hit the iptables-resture limits

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to