Reorder insance rules for provider rules immediately after base, before secgroups.

author: Todd Willey <todd@ansolabs.com> 2011-01-31 16:02:29 -0500
committer: Todd Willey <todd@ansolabs.com> 2011-01-31 16:02:29 -0500
commit: d47886e16504cc92d0f9b33e02417229970d3efb (patch)
tree: f14fe33f80aff3682cf200dba84258b1feea0dae
parent: 7ee26753b06dcf49867796fcadfa6f430bc46578 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 2f99a0bb1..ec6572d3f 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1161,7 +1161,8 @@ class NWFilterFirewall(FirewallDriver):
 
         instance_filter_name = self._instance_filter_name(instance)
         instance_secgroup_filter_name = '%s-secgroup' % (instance_filter_name,)
-        instance_filter_children = [base_filter, instance_secgroup_filter_name]
+        instance_filter_children = [base_filter, 'nova-provider-rules',
+                                    instance_secgroup_filter_name]
         instance_secgroup_filter_children = ['nova-base-ipv4',
                                              'nova-base-ipv6',
                                              'nova-allow-dhcp-server']
@@ -1185,8 +1186,6 @@ class NWFilterFirewall(FirewallDriver):
             instance_secgroup_filter_children += [('nova-secgroup-%s' %
                                                          security_group['id'])]
 
-        instance_filter_children += ['nova-provider-rules']
-
         self._define_filter(
                     self._filter_container(instance_secgroup_filter_name,
                                            instance_secgroup_filter_children))
author	Todd Willey <todd@ansolabs.com>	2011-01-31 16:02:29 -0500
committer	Todd Willey <todd@ansolabs.com>	2011-01-31 16:02:29 -0500
commit	d47886e16504cc92d0f9b33e02417229970d3efb (patch)
tree	f14fe33f80aff3682cf200dba84258b1feea0dae
parent	7ee26753b06dcf49867796fcadfa6f430bc46578 (diff)