summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSoren Hansen <soren@linux2go.dk>2011-01-25 21:20:42 +0100
committerSoren Hansen <soren@linux2go.dk>2011-01-25 21:20:42 +0100
commite44b28a0daa771c67fa8672f89f7d52ee1bfec22 (patch)
tree2910b43f9b4ee566b36b0f8c2b057ad85d07c53d
parent588bf6717a11930435ad3b3aa1941cff8495e2b5 (diff)
downloadnova-e44b28a0daa771c67fa8672f89f7d52ee1bfec22.tar.gz
nova-e44b28a0daa771c67fa8672f89f7d52ee1bfec22.tar.xz
nova-e44b28a0daa771c67fa8672f89f7d52ee1bfec22.zip
Perform same filtering for OUTPUT as FORWARD in iptables. This removes a way around the filtering.
Diffstat
-rw-r--r--nova/virt/libvirt_conn.py1
1 files changed, 1 insertions, 0 deletions
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 37eb02e4f..ac7fd8ef0 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1228,6 +1228,7 @@ class IptablesFirewallDriver(FirewallDriver):
our_chains += [':nova-local - [0:0]']
our_rules += ['-A FORWARD -j nova-local']
+ our_rules += ['-A OUTPUT -j nova-local']
security_groups = {}
# Add our chains
generated by cgit (git 2.34.1) at 2026-02-01 20:55:58 +0000