authorSoren Hansen <soren@linux2go.dk>2011-02-21 10:18:43 +0100
committerSoren Hansen <soren@linux2go.dk>2011-02-21 10:18:43 +0100
commitcbb0402efac4ededdda0ac2097ec087216e23931 (patch)
tree6cff3bd2c85375dbff5196e63987b3257c5a3009
parente729c49543c5acf354b154a3e2d9fd76a2f7da35 (diff)
Also remove rules that jump to deleted chains.
-rw-r--r--nova/network/linux_net.py5
-rw-r--r--nova/virt/libvirt_conn.py7
2 files changed, 6 insertions, 6 deletions
diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py
index ecda450bf..1f96a4d55 100644
--- a/nova/network/linux_net.py
+++ b/nova/network/linux_net.py
@@ -104,6 +104,9 @@ class IptablesTable(object):
self.chains.remove(name)
self.rules = filter(lambda r: r.chain != name, self.rules)
+ jump_snippet = '-j %s-%s' % (binary_name, name)
+ self.rules = filter(lambda r: jump_snippet not in r.rule, self.rules)
+
def add_rule(self, chain, rule, wrap=True):
if wrap and chain not in self.chains:
raise ValueError(_("Unknown chain: %r") % chain)
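Review bot: The new filter in remove_chain is a substring test, `jump_snippet not in r.rule`, so removing a chain named `foo` (constructed example) also drops rules that jump to any chain whose wrapped name merely begins with it, such as `foo2`. For per-instance firewall chains that could silently delete another instance's jump rule. Comparing whole tokens avoids this: `target = '%s-%s' % (binary_name, name)` followed by `self.rules = [r for r in self.rules if target not in r.rule.split()]`. remove_chain begins above this hunk, so whether unwrapped chains need a different target form is not visible here.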
@@ -283,7 +286,7 @@ def remove_floating_forward(floating_ip, fixed_ip):
def floating_forward_rules(floating_ip, fixed_ip):
return [("PREROUTING", "-d %s -j DNAT --to %s" % (floating_ip, fixed_ip)),
("OUTPUT", "-d %s -j DNAT --to %s" % (floating_ip, fixed_ip)),
- ("SNATTING", "-d %s -j DNAT --to %s" % (fixed_ip, floating_ip))]
+ ("SNATTING", "-d %s -j SNAT --to %s" % (fixed_ip, floating_ip))]
def ensure_vlan_bridge(vlan_num, bridge, net_attrs=None):
"""Create a vlan and bridge unless they already exist"""
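Review bot: The corrected SNATTING entry in floating_forward_rules still selects packets with `-d %s` on fixed_ip, so the SNAT applies to traffic addressed to the instance rather than traffic leaving it. Source NAT for a floating IP would normally match on the instance's own address, which suggests the line should read `("SNATTING", "-s %s -j SNAT --to %s" % (fixed_ip, floating_ip))]`. As written, outbound connections from fixed_ip probably do not leave with the floating address, although the rest of the SNATTING chain is outside this hunk and may change that.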
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 3faf01f4b..daf8f0ed7 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -44,9 +44,6 @@ import uuid
from xml.dom import minidom
-from eventlet import greenthread
-from eventlet import event
-from eventlet import semaphore
from eventlet import tpool
import IPy
@@ -1246,7 +1243,7 @@ class IptablesFirewallDriver(FirewallDriver):
if FLAGS.use_ipv6:
self.iptables.ipv6['filter'].add_chain(chain_name)
ipv6_address = self._ip_for_instance_v6(instance)
- self.iptables.ipv4['filter'].add_rule('local',
+ self.iptables.ipv6['filter'].add_rule('local',
'-d %s -j $%s' %
(ipv6_address,
chain_name))
@@ -1376,7 +1373,7 @@ class IptablesFirewallDriver(FirewallDriver):
pass
def refresh_security_group_rules(self, security_group):
- for instance in self.instances:
+ for instance in self.instances.values():
self.remove_filters_for_instance(instance)
self.add_filters_for_instance(instance)
self.iptables.apply()
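Review bot: refresh_security_group_rules never reads its `security_group` argument, so each call removes and re-adds the filters of every tracked instance, whichever group changed. If the full rebuild is deliberate, the method should say so with a docstring such as `"""Rebuild the filters of every tracked instance; security_group is currently unused."""`. Otherwise the loop should be narrowed to the instances that belong to the group, which needs membership data this hunk does not show.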