diff --git a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py index 067d39801..73bb443e1 100644 --- a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py +++ b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py @@ -146,13 +146,13 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase): {'fw_id': firewall['id'], 'tid': firewall['tenant_id']}) try: if firewall['admin_state_up']: + self._setup_firewall(agent_mode, apply_list, firewall) if self.pre_firewall: self._remove_conntrack_updated_firewall(agent_mode, apply_list, self.pre_firewall, firewall) else: self._remove_conntrack_new_firewall(agent_mode, apply_list, firewall) - self._setup_firewall(agent_mode, apply_list, firewall) else: self.apply_default_policy(agent_mode, apply_list, firewall) self.pre_firewall = dict(firewall) diff --git a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py index d31db23e8..03da897d2 100644 --- a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py +++ b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py @@ -131,13 +131,13 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase): {'fw_id': firewall['id'], 'tid': firewall['tenant_id']}) try: if firewall['admin_state_up']: + self._setup_firewall(agent_mode, apply_list, firewall) if self.pre_firewall: self._remove_conntrack_updated_firewall(agent_mode, apply_list, self.pre_firewall, firewall) else: self._remove_conntrack_new_firewall(agent_mode, apply_list, firewall) - self._setup_firewall(agent_mode, apply_list, firewall) else: self.apply_default_policy(agent_mode, apply_list, firewall) self.pre_firewall = dict(firewall)