openstack
/
neutron-fwaas
Code Issues Proposed changes

Merge "Modify an order between iptables and conntrack when update firewall"

This commit is contained in:
Jenkins 2017-06-08 14:29:18 +00:00 committed by Gerrit Code Review
parent 628b6f4207 6a31bfbb34
commit 43d6d29f13
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py
View File

@ -146,13 +146,13 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
{'fw_id': firewall['id'], 'tid': firewall['tenant_id']})
try:
if firewall['admin_state_up']:
self._setup_firewall(agent_mode, apply_list, firewall)
if self.pre_firewall:
self._remove_conntrack_updated_firewall(agent_mode,
apply_list, self.pre_firewall, firewall)
else:
self._remove_conntrack_new_firewall(agent_mode,
apply_list, firewall)
self._setup_firewall(agent_mode, apply_list, firewall)
else:
self.apply_default_policy(agent_mode, apply_list, firewall)
self.pre_firewall = dict(firewall)

2
neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py
View File

@ -131,13 +131,13 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase):
{'fw_id': firewall['id'], 'tid': firewall['tenant_id']})
try:
if firewall['admin_state_up']:
self._setup_firewall(agent_mode, apply_list, firewall)
if self.pre_firewall:
self._remove_conntrack_updated_firewall(agent_mode,
apply_list, self.pre_firewall, firewall)
else:
self._remove_conntrack_new_firewall(agent_mode,
apply_list, firewall)
self._setup_firewall(agent_mode, apply_list, firewall)
else:
self.apply_default_policy(agent_mode, apply_list, firewall)
self.pre_firewall = dict(firewall)