Merge "Ensure that FORWARD rule also supports DHCP"

author: Jenkins <jenkins@review.openstack.org> 2013-03-05 14:06:23 +0000
committer: Gerrit Code Review <review@openstack.org> 2013-03-05 14:06:23 +0000
commit: 84d8ba574b0b19876b98b435a0d47ac1b8dd035c (patch)
tree: ccb495fc2346b0ea1cd397b4308ad8448b686bce
parent: 97ae92b50ce51679c982e61340d652149935849d (diff)
parent: 83e907f5881ba4344162286f190c78be036ba61d (diff)
download: nova-84d8ba574b0b19876b98b435a0d47ac1b8dd035c.tar.gz
nova-84d8ba574b0b19876b98b435a0d47ac1b8dd035c.tar.xz
nova-84d8ba574b0b19876b98b435a0d47ac1b8dd035c.zip
3 files changed, 8 insertions, 4 deletions
diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
index af068e4d2..10ef7805d 100644
--- a/nova/tests/test_libvirt.py
+++ b/nova/tests/test_libvirt.py
@@ -3948,9 +3948,9 @@ class IptablesFirewallTestCase(test.TestCase):
         ipv6 = self.fw.iptables.ipv6['filter'].rules
         ipv4_network_rules = len(ipv4) - len(inst_ipv4) - ipv4_len
         ipv6_network_rules = len(ipv6) - len(inst_ipv6) - ipv6_len
-        # Extra rule is for the DHCP request
+        # Extra rules are for the DHCP request
         rules = (ipv4_rules_per_addr * ipv4_addr_per_network *
-                 networks_count) + 1
+                 networks_count) + 2
         self.assertEquals(ipv4_network_rules, rules)
         self.assertEquals(ipv6_network_rules,
                   ipv6_rules_per_addr * ipv6_addr_per_network * networks_count)
diff --git a/nova/tests/test_xenapi.py b/nova/tests/test_xenapi.py
index a4cde1aac..0f603dfbf 100644
--- a/nova/tests/test_xenapi.py
+++ b/nova/tests/test_xenapi.py
@@ -2068,9 +2068,9 @@ class XenAPIDom0IptablesFirewallTestCase(stubs.XenAPITestBase):
         ipv6 = self.fw.iptables.ipv6['filter'].rules
         ipv4_network_rules = len(ipv4) - len(inst_ipv4) - ipv4_len
         ipv6_network_rules = len(ipv6) - len(inst_ipv6) - ipv6_len
-        # Extra rule is for the DHCP request
+        # Extra rules are for the DHCP request
         rules = (ipv4_rules_per_addr * ipv4_addr_per_network *
-                 networks_count) + 1
+                 networks_count) + 2
         self.assertEquals(ipv4_network_rules, rules)
         self.assertEquals(ipv6_network_rules,
                   ipv6_rules_per_addr * ipv6_addr_per_network * networks_count)
diff --git a/nova/virt/firewall.py b/nova/virt/firewall.py
index d9502ec46..7e133135d 100644
--- a/nova/virt/firewall.py
+++ b/nova/virt/firewall.py
@@ -201,6 +201,10 @@ class IptablesFirewallDriver(FirewallDriver):
                     'INPUT',
                     '-s 0.0.0.0/32 -d 255.255.255.255/32 '
                     '-p udp -m udp --sport 68 --dport 67 -j ACCEPT')
+            self.iptables.ipv4['filter'].add_rule(
+                    'FORWARD',
+                    '-s 0.0.0.0/32 -d 255.255.255.255/32 '
+                    '-p udp -m udp --sport 68 --dport 67 -j ACCEPT')
             self.dhcp_created = True
         self.iptables.apply()
author	Jenkins <jenkins@review.openstack.org>	2013-03-05 14:06:23 +0000
committer	Gerrit Code Review <review@openstack.org>	2013-03-05 14:06:23 +0000
commit	84d8ba574b0b19876b98b435a0d47ac1b8dd035c (patch)
tree	ccb495fc2346b0ea1cd397b4308ad8448b686bce
parent	97ae92b50ce51679c982e61340d652149935849d (diff)
parent	83e907f5881ba4344162286f190c78be036ba61d (diff)
download	nova-84d8ba574b0b19876b98b435a0d47ac1b8dd035c.tar.gz nova-84d8ba574b0b19876b98b435a0d47ac1b8dd035c.tar.xz nova-84d8ba574b0b19876b98b435a0d47ac1b8dd035c.zip