Merge "Do not try and remove non-existent iptables chains"

2017-01-24 11:59:24 +00:00 · 2017-01-24 11:59:24 +00:00 · 403d4e820d
parent 17de082a79 6958829471
commit 403d4e820d
2 changed files with 2 additions and 9 deletions
--- a/neutron/agent/linux/iptables_firewall.py
+++ b/neutron/agent/linux/iptables_firewall.py
@ -186,7 +186,6 @@ class IptablesFirewallDriver(firewall.FirewallDriver):

    def prepare_port_filter(self, port):
        LOG.debug("Preparing device (%s) filter", port['device'])
-        self._remove_chains()
        self._set_ports(port)
        self._enable_netfilter_for_bridges()
        # each security group has it own chains
--- a/neutron/tests/unit/agent/linux/test_iptables_firewall.py
+++ b/neutron/tests/unit/agent/linux/test_iptables_firewall.py
@ -125,7 +125,6 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
                 mock.call.add_rule(
                     'sg-fallback', '-j DROP',
                     comment=ic.UNMATCH_DROP),
-                 mock.call.remove_chain('sg-chain'),
                 mock.call.add_chain('sg-chain'),
                 mock.call.add_chain('ifake_dev'),
                 mock.call.add_rule('FORWARD',
@ -981,7 +980,6 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
                     'sg-fallback',
                     '-j DROP',
                     comment=ic.UNMATCH_DROP),
-                 mock.call.remove_chain('sg-chain'),
                 mock.call.add_chain('sg-chain'),
                 mock.call.add_chain('ifake_dev'),
                 mock.call.add_rule('FORWARD',
@ -1253,7 +1251,6 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
                     'sg-fallback',
                     '-j DROP',
                     comment=ic.UNMATCH_DROP),
-                 mock.call.remove_chain('sg-chain'),
                 mock.call.add_chain('sg-chain'),
                 mock.call.add_chain('ifake_dev'),
                 mock.call.add_rule(
@ -1494,7 +1491,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
        self.firewall.prepare_port_filter(port_prepare)
        self.firewall.update_port_filter(port_update)
        self.firewall.remove_port_filter(port_update)
-        chain_applies.assert_has_calls([mock.call.remove({}, {}),
+        chain_applies.assert_has_calls([
                                mock.call.setup({'d1': port_prepare}, {}),
                                mock.call.remove({'d1': port_prepare}, {}),
                                mock.call.setup({'d1': port_update}, {}),
@ -1508,8 +1505,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
        self.firewall.prepare_port_filter(port)
        with self.firewall.defer_apply():
            self.firewall.remove_port_filter(port)
-        chain_applies.assert_has_calls([mock.call.remove({}, {}),
-                                        mock.call.setup(device2port, {}),
+        chain_applies.assert_has_calls([mock.call.setup(device2port, {}),
                                        mock.call.remove(device2port, {}),
                                        mock.call.setup({}, {})])

@ -1544,7 +1540,6 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
                 mock.call.add_rule(
                     'sg-fallback', '-j DROP',
                     comment=ic.UNMATCH_DROP),
-                 mock.call.remove_chain('sg-chain'),
                 mock.call.add_chain('sg-chain'),
                 mock.call.add_chain('ifake_dev'),
                 mock.call.add_rule('FORWARD',
@ -1629,7 +1624,6 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
                 mock.call.add_rule(
                     'sg-fallback', '-j DROP',
                     comment=ic.UNMATCH_DROP),
-                 mock.call.remove_chain('sg-chain'),
                 mock.call.add_chain('sg-chain'),
                 mock.call.add_chain('ifake_dev'),
                 mock.call.add_rule('FORWARD',