From d47886e16504cc92d0f9b33e02417229970d3efb Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Mon, 31 Jan 2011 16:02:29 -0500
Subject: Reorder insance rules for provider rules immediately after base,
 before secgroups.

---
 nova/virt/libvirt_conn.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 2f99a0bb1..ec6572d3f 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1161,7 +1161,8 @@ class NWFilterFirewall(FirewallDriver):
 
         instance_filter_name = self._instance_filter_name(instance)
         instance_secgroup_filter_name = '%s-secgroup' % (instance_filter_name,)
-        instance_filter_children = [base_filter, instance_secgroup_filter_name]
+        instance_filter_children = [base_filter, 'nova-provider-rules',
+                                    instance_secgroup_filter_name]
         instance_secgroup_filter_children = ['nova-base-ipv4',
                                              'nova-base-ipv6',
                                              'nova-allow-dhcp-server']
@@ -1185,8 +1186,6 @@ class NWFilterFirewall(FirewallDriver):
             instance_secgroup_filter_children += [('nova-secgroup-%s' %
                                                          security_group['id'])]
 
-        instance_filter_children += ['nova-provider-rules']
-
         self._define_filter(
                     self._filter_container(instance_secgroup_filter_name,
                                            instance_secgroup_filter_children))
-- 
cgit