From 8a5611f9b2fa632ccfcd04523ee42f69b223ea6e Mon Sep 17 00:00:00 2001
From: Soren Hansen <soren@linux2go.dk>
Date: Fri, 2 Sep 2011 13:44:10 +0200
Subject: Fix protocol-less security groups.

---
 nova/virt/libvirt/firewall.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'nova/virt')

diff --git a/nova/virt/libvirt/firewall.py b/nova/virt/libvirt/firewall.py
index c2f4f91e8..dfa1deba7 100644
--- a/nova/virt/libvirt/firewall.py
+++ b/nova/virt/libvirt/firewall.py
@@ -663,7 +663,9 @@ class IptablesFirewallDriver(FirewallDriver):
                 if version == 6 and rule.protocol == 'icmp':
                     protocol = 'icmpv6'
 
-                args = ['-j ACCEPT', '-p', protocol]
+                args = ['-j ACCEPT']
+                if protocol:
+                    args += ['-p', protocol]
 
                 if protocol in ['udp', 'tcp']:
                     if rule.from_port == rule.to_port:
-- 
cgit