From a86507b3224eb051fea97f65bd5653758fa91668 Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya <vishvananda@yahoo.com>
Date: Wed, 29 Sep 2010 06:17:39 -0700
Subject: fix ordering of rules to actually allow out and drop in

---
 nova/virt/libvirt_conn.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index c86f3ffb7..9d889cf29 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -527,8 +527,8 @@ class NWFilterFirewall(object):
     def nova_base_ipv4_filter(self):
         retval = "<filter name='nova-base-ipv4' chain='ipv4'>"
         for protocol in ['tcp', 'udp', 'icmp']:
-            for direction,action,priority in [('out','accept', 400),
-                                     ('in','drop', 399)]:
+            for direction,action,priority in [('out','accept', 399),
+                                     ('inout','drop', 400)]:
                 retval += """<rule action='%s' direction='%s' priority='%d'>
                                <%s />
                              </rule>""" % (action, direction,
@@ -540,8 +540,8 @@ class NWFilterFirewall(object):
     def nova_base_ipv6_filter(self):
         retval = "<filter name='nova-base-ipv6' chain='ipv6'>"
         for protocol in ['tcp', 'udp', 'icmp']:
-            for direction,action,priority in [('out','accept',400),
-                                     ('in','drop',399)]:
+            for direction,action,priority in [('out','accept',399),
+                                     ('inout','drop',400)]:
                 retval += """<rule action='%s' direction='%s' priority='%d'>
                                <%s-ipv6 />
                              </rule>""" % (action, direction,
-- 
cgit