diff --git a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py index 9aa8822c4..d6d50aa29 100644 --- a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py +++ b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py @@ -123,13 +123,13 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase): {'fw_id': firewall['id'], 'tid': firewall['tenant_id']}) try: if firewall['admin_state_up']: + self._setup_firewall(agent_mode, apply_list, firewall) if self.pre_firewall: self._remove_conntrack_updated_firewall(agent_mode, apply_list, self.pre_firewall, firewall) else: self._remove_conntrack_new_firewall(agent_mode, apply_list, firewall) - self._setup_firewall(agent_mode, apply_list, firewall) else: self.apply_default_policy(agent_mode, apply_list, firewall) self.pre_firewall = dict(firewall) diff --git a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py index 44b83ad02..ad5a7f936 100644 --- a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py +++ b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py @@ -131,13 +131,13 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase): {'fw_id': firewall['id'], 'tid': firewall['tenant_id']}) try: if firewall['admin_state_up']: + self._setup_firewall(agent_mode, apply_list, firewall) if self.pre_firewall: self._remove_conntrack_updated_firewall(agent_mode, apply_list, self.pre_firewall, firewall) else: self._remove_conntrack_new_firewall(agent_mode, apply_list, firewall) - self._setup_firewall(agent_mode, apply_list, firewall) else: self.apply_default_policy(agent_mode, apply_list, firewall) self.pre_firewall = dict(firewall)