In instance chains and rules for ipv4 and ipv6, ACCEPT target was missing.

author: Tushar Patil <tushar.vitthal.patil@gmail.com> 2011-01-25 21:34:17 +0000
committer: Tarmac <> 2011-01-25 21:34:17 +0000
commit: 705cbaa3d311c21cf2a7318e52a60eeadebb435a (patch)
tree: 2cbae978038b7b8238dbea81798ba8840e8e0f7a /nova
parent: b2d0a77c53d1bd108d233e58f68655381cec4e16 (diff)
parent: 1b259ba6ac7401d99eff2ded3100c73f3048728e (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 259e19a69..548d82ba9 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1268,13 +1268,13 @@ class IptablesFirewallDriver(FirewallDriver):
             if(ip_version == 4):
                 # Allow DHCP responses
                 dhcp_server = self._dhcp_server_for_instance(instance)
-                our_rules += ['-A %s -s %s -p udp --sport 67 --dport 68' %
-                                                 (chain_name, dhcp_server)]
+                our_rules += ['-A %s -s %s -p udp --sport 67 --dport 68 '
+                              '-j ACCEPT ' % (chain_name, dhcp_server)]
             elif(ip_version == 6):
                 # Allow RA responses
                 ra_server = self._ra_server_for_instance(instance)
-                our_rules += ['-A %s -s %s -p icmpv6' %
-                                                 (chain_name, ra_server)]
+                our_rules += ['-A %s -s %s -p icmpv6 '
+                              '-j ACCEPT' % (chain_name, ra_server)]
 
             # If nothing matches, jump to the fallback chain
             our_rules += ['-A %s -j nova-fallback' % (chain_name,)]
author	Tushar Patil <tushar.vitthal.patil@gmail.com>	2011-01-25 21:34:17 +0000
committer	Tarmac <>	2011-01-25 21:34:17 +0000
commit	705cbaa3d311c21cf2a7318e52a60eeadebb435a (patch)
tree	2cbae978038b7b8238dbea81798ba8840e8e0f7a /nova
parent	b2d0a77c53d1bd108d233e58f68655381cec4e16 (diff)
parent	1b259ba6ac7401d99eff2ded3100c73f3048728e (diff)