From 00fcb54769fdbe8828d7bd52a6636ffc5ad6c862 Mon Sep 17 00:00:00 2001
From: Soren Hansen
Date: Fri, 22 Jul 2011 22:49:16 +0200
Subject: ...and this is me snapping back into reality removing all trace of ipsets. Go me.
---
 nova/virt/libvirt/firewall.py | 30 ++++++++++--------------------
 1 file changed, 10 insertions(+), 20 deletions(-)
(limited to 'nova/virt')
diff --git a/nova/virt/libvirt/firewall.py b/nova/virt/libvirt/firewall.py
index aa36e4184..4d615058b 100644
--- a/nova/virt/libvirt/firewall.py
+++ b/nova/virt/libvirt/firewall.py
@@ -709,23 +709,14 @@ class IptablesFirewallDriver(FirewallDriver):
 args += ['-s', rule.cidr]
 fw_rules += [' '.join(args)]
 else:
- LOG.info('Not using cidr %r', rule.cidr)
- if self.iptables.ipset_supported():
- LOG.info('ipset supported %r', rule.cidr)
- ipset = linux_net.IpSet('%s' % rule.group_id)
- args += ipset.iptables_source_match()
- fw_rules += [' '.join(args)]
- else:
- LOG.info('ipset unsupported %r', rule.cidr)
- LOG.info('rule.grantee_group.instances: %r', rule.grantee_group.instances)
- for instance in rule.grantee_group.instances:
- LOG.info('instance: %r', instance)
- ips = db.instance_get_fixed_addresses(ctxt,
- instance['id'])
- LOG.info('ips: %r', ips)
- for ip in ips:
- subrule = args + ['-s %s' % ip]
- fw_rules += [' '.join(subrule)]
+ for instance in rule.grantee_group.instances:
+ LOG.info('instance: %r', instance)
+ ips = db.instance_get_fixed_addresses(ctxt,
+ instance['id'])
+ LOG.info('ips: %r', ips)
+ for ip in ips:
+ subrule = args + ['-s %s' % ip]
+ fw_rules += [' '.join(subrule)]
 LOG.info('Using fw_rules: %r', fw_rules)
 ipv4_rules += ['-j $sg-fallback']
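Review bot: The two `LOG.info` calls kept inside the new `for instance in rule.grantee_group.instances:` loop print the full instance record and its fixed addresses at INFO each time a group-source rule is expanded, which reads like leftover debugging and puts tenant addressing (and whatever else the instance row holds) into the default log. I would log only the identifier, at debug level: `LOG.debug('instance %s fixed ips: %r', instance['id'], ips)`. The subrule is also built as `['-s %s' % ip]` while the cidr branch just above uses `['-s', rule.cidr]`; `subrule = args + ['-s', ip]` would keep the two branches consistent. The enclosing method starts and ends outside this hunk.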
@@ -738,9 +729,8 @@ class IptablesFirewallDriver(FirewallDriver):
 return self.nwfilter.instance_filter_exists(instance)
 def refresh_security_group_members(self, security_group):
- if not self.iptables.ipset_supported():
- self.do_refresh_security_group_rules(security_group)
- self.iptables.apply()
+ self.do_refresh_security_group_rules(security_group)
+ self.iptables.apply()
 def refresh_security_group_rules(self, security_group, network_info=None):
 self.do_refresh_security_group_rules(security_group, network_info)
--
cgit
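Review bot: `refresh_security_group_members` has no docstring or comment saying why every membership change now forces a full rebuild and `apply()`. With the ipset path gone, group-source rules are written as one `-s <ip>` match per member (see the first hunk), so the chain is only as current as the last call to this method. A comment such as `# Group rules are expanded per member IP, so a membership change must rebuild and re-apply the chain.` would record that. Unlike `refresh_security_group_rules` just below, this method neither takes nor passes `network_info`; whether `do_refresh_security_group_rules` copes with that default is not visible in the hunk and is worth confirming.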