Fix for bug #702237

author: Ilya Alekseyev <ialekseev@griddynamics.com> 2011-01-25 22:59:36 +0000
committer: Tarmac <> 2011-01-25 22:59:36 +0000
commit: efdf3caaef85d2a82833253b1c150a3ec8823260 (patch)
tree: 354ed5445fe67275ceac044e57817e78fa430fa2
parent: ec3ee01cf7c89f612261e6a6970c14094470abeb (diff)
parent: 0d247586e708078e590913d1e36e4b2afa70d750 (diff)
download: nova-efdf3caaef85d2a82833253b1c150a3ec8823260.tar.gz
nova-efdf3caaef85d2a82833253b1c150a3ec8823260.tar.xz
nova-efdf3caaef85d2a82833253b1c150a3ec8823260.zip
1 files changed, 21 insertions, 2 deletions
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 9d18419a2..58272d6fe 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1270,12 +1270,21 @@ class IptablesFirewallDriver(FirewallDriver):
                 # Allow DHCP responses
                 dhcp_server = self._dhcp_server_for_instance(instance)
                 our_rules += ['-A %s -s %s -p udp --sport 67 --dport 68 '
-                              '-j ACCEPT ' % (chain_name, dhcp_server)]
+                                    '-j ACCEPT ' % (chain_name, dhcp_server)]
+                #Allow project network traffic
+                if (FLAGS.allow_project_net_traffic):
+                    cidr = self._project_cidr_for_instance(instance)
+                    our_rules += ['-A %s -s %s -j ACCEPT' % (chain_name, cidr)]
             elif(ip_version == 6):
                 # Allow RA responses
                 ra_server = self._ra_server_for_instance(instance)
                 our_rules += ['-A %s -s %s -p icmpv6 '
-                              '-j ACCEPT' % (chain_name, ra_server)]
+                                '-j ACCEPT' % (chain_name, ra_server)]
+                #Allow project network traffic
+                if (FLAGS.allow_project_net_traffic):
+                    cidrv6 = self._project_cidrv6_for_instance(instance)
+                    our_rules += ['-A %s -s %s -j ACCEPT' %
+                                        (chain_name, cidrv6)]
 
             # If nothing matches, jump to the fallback chain
             our_rules += ['-A %s -j nova-fallback' % (chain_name,)]
@@ -1370,3 +1379,13 @@ class IptablesFirewallDriver(FirewallDriver):
         network = db.network_get_by_instance(context.get_admin_context(),
                                              instance['id'])
         return network['ra_server']
+
+    def _project_cidr_for_instance(self, instance):
+        network = db.network_get_by_instance(context.get_admin_context(),
+                                             instance['id'])
+        return network['cidr']
+
+    def _project_cidrv6_for_instance(self, instance):
+        network = db.network_get_by_instance(context.get_admin_context(),
+                                             instance['id'])
+        return network['cidr_v6']
author	Ilya Alekseyev <ialekseev@griddynamics.com>	2011-01-25 22:59:36 +0000
committer	Tarmac <>	2011-01-25 22:59:36 +0000
commit	efdf3caaef85d2a82833253b1c150a3ec8823260 (patch)
tree	354ed5445fe67275ceac044e57817e78fa430fa2
parent	ec3ee01cf7c89f612261e6a6970c14094470abeb (diff)
parent	0d247586e708078e590913d1e36e4b2afa70d750 (diff)
download	nova-efdf3caaef85d2a82833253b1c150a3ec8823260.tar.gz nova-efdf3caaef85d2a82833253b1c150a3ec8823260.tar.xz nova-efdf3caaef85d2a82833253b1c150a3ec8823260.zip