Always put the ipv6 fallback in place. FLAGS.use_ipv6 does not exist yet when the firewall driver is instantiated and the iptables manager takes care not to fiddle with ipv6 if not enabled.

author: Soren Hansen <soren@linux2go.dk> 2011-03-15 09:48:21 +0100
committer: Soren Hansen <soren@linux2go.dk> 2011-03-15 09:48:21 +0100
commit: 8a41046dc7cafb19afb6719866b11681daaa9082 (patch)
tree: 1c0bd805c4376a7b7e66a50802880a1ae0018728 /nova
parent: af747a5453ce7d8b68af91c7d4e1408f986061fd (diff)
download: nova-8a41046dc7cafb19afb6719866b11681daaa9082.tar.gz
nova-8a41046dc7cafb19afb6719866b11681daaa9082.tar.xz
nova-8a41046dc7cafb19afb6719866b11681daaa9082.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 03f046cbd..f87decaa0 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1597,9 +1597,8 @@ class IptablesFirewallDriver(FirewallDriver):
 
         self.iptables.ipv4['filter'].add_chain('sg-fallback')
         self.iptables.ipv4['filter'].add_rule('sg-fallback', '-j DROP')
-        if FLAGS.use_ipv6:
-            self.iptables.ipv6['filter'].add_chain('sg-fallback')
-            self.iptables.ipv6['filter'].add_rule('sg-fallback', '-j DROP')
+        self.iptables.ipv6['filter'].add_chain('sg-fallback')
+        self.iptables.ipv6['filter'].add_rule('sg-fallback', '-j DROP')
 
     def setup_basic_filtering(self, instance):
         """Use NWFilter from libvirt for this."""
author	Soren Hansen <soren@linux2go.dk>	2011-03-15 09:48:21 +0100
committer	Soren Hansen <soren@linux2go.dk>	2011-03-15 09:48:21 +0100
commit	8a41046dc7cafb19afb6719866b11681daaa9082 (patch)
tree	1c0bd805c4376a7b7e66a50802880a1ae0018728 /nova
parent	af747a5453ce7d8b68af91c7d4e1408f986061fd (diff)
download	nova-8a41046dc7cafb19afb6719866b11681daaa9082.tar.gz nova-8a41046dc7cafb19afb6719866b11681daaa9082.tar.xz nova-8a41046dc7cafb19afb6719866b11681daaa9082.zip