Added iptables rule to IptablesFirewallDriver like in Hisaharu Ishii patch with some workaround

author: Ilya Alekseyev <ialekseev@griddynamics.com> 2011-01-25 21:58:07 +0300
committer: Ilya Alekseyev <ialekseev@griddynamics.com> 2011-01-25 21:58:07 +0300
commit: e811667b1e08bdfd7647cc29f792441db2cfb752 (patch)
tree: 8d5e786e51f084d474e0401cf2b1e40c4cb6df35
parent: 07f39806f3b82d5d06371758e3efe597a47434ed (diff)
download: nova-e811667b1e08bdfd7647cc29f792441db2cfb752.tar.gz
nova-e811667b1e08bdfd7647cc29f792441db2cfb752.tar.xz
nova-e811667b1e08bdfd7647cc29f792441db2cfb752.zip
1 files changed, 19 insertions, 0 deletions
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 259e19a69..cb8528e96 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1270,11 +1270,20 @@ class IptablesFirewallDriver(FirewallDriver):
                 dhcp_server = self._dhcp_server_for_instance(instance)
                 our_rules += ['-A %s -s %s -p udp --sport 67 --dport 68' %
                                                  (chain_name, dhcp_server)]
+                #Allow project network traffic
+                if (FLAGS.allow_project_net_traffic):
+                    cidr = self._project_cidr_for_instance(instance)
+                    our_rules += ['-A %s -s %s -j ACCEPT' % (chain_name, cidr)]
             elif(ip_version == 6):
                 # Allow RA responses
                 ra_server = self._ra_server_for_instance(instance)
                 our_rules += ['-A %s -s %s -p icmpv6' %
                                                  (chain_name, ra_server)]
+                #Allow project network traffic
+                if (FLAGS.allow_project_net_traffic):
+                    cidrv6 = self._project_cidrv6_for_instance(instance)
+                    our_rules += ['-A %s -s %s -j ACCEPT' %
+                                        (chain_name, cidrv6)]
 
             # If nothing matches, jump to the fallback chain
             our_rules += ['-A %s -j nova-fallback' % (chain_name,)]
@@ -1369,3 +1378,13 @@ class IptablesFirewallDriver(FirewallDriver):
         network = db.network_get_by_instance(context.get_admin_context(),
                                              instance['id'])
         return network['ra_server']
+
+    def _project_cidr_for_instance(self, instance):
+        network = db.network_get_by_instance(context.get_admin_context(),
+                                             instance['id'])
+        return network['cidr']
+
+    def _project_cidrv6_for_instance(self, instance):
+        network = db.network_get_by_instance(context.get_admin_context(),
+                                             instance['id'])
+        return network['cidr_v6']
+\ No newline at end of file
author	Ilya Alekseyev <ialekseev@griddynamics.com>	2011-01-25 21:58:07 +0300
committer	Ilya Alekseyev <ialekseev@griddynamics.com>	2011-01-25 21:58:07 +0300
commit	e811667b1e08bdfd7647cc29f792441db2cfb752 (patch)
tree	8d5e786e51f084d474e0401cf2b1e40c4cb6df35
parent	07f39806f3b82d5d06371758e3efe597a47434ed (diff)
download	nova-e811667b1e08bdfd7647cc29f792441db2cfb752.tar.gz nova-e811667b1e08bdfd7647cc29f792441db2cfb752.tar.xz nova-e811667b1e08bdfd7647cc29f792441db2cfb752.zip