Merge "Do not defer IPTables apply in firewall path" into stable/icehouse

2014-06-17 05:30:00 +00:00 · 2014-06-17 05:30:00 +00:00 · b313e7c883
parent a40fac2a67 cd7a622d3b
commit b313e7c883
1 changed files with 6 additions and 5 deletions
--- a/neutron/services/firewall/drivers/linux/iptables_fwaas.py
+++ b/neutron/services/firewall/drivers/linux/iptables_fwaas.py
@ -71,7 +71,8 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
                ipt_mgr = router_info.iptables_manager
                self._remove_chains(fwid, ipt_mgr)
                self._remove_default_chains(ipt_mgr)
-                ipt_mgr.apply()
+                # apply the changes immediately (no defer in firewall path)
+                ipt_mgr.defer_apply_off()
        except (LookupError, RuntimeError):
            # catch known library exceptions and raise Fwaas generic exception
            LOG.exception(_("Failed to delete firewall: %s"), fwid)
@ -106,8 +107,8 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
                self._add_default_policy_chain_v4v6(ipt_mgr)
                self._enable_policy_chain(fwid, ipt_mgr)

-                # apply the changes
-                ipt_mgr.apply()
+                # apply the changes immediately (no defer in firewall path)
+                ipt_mgr.defer_apply_off()
        except (LookupError, RuntimeError):
            # catch known library exceptions and raise Fwaas generic exception
            LOG.exception(_("Failed to apply default policy on firewall: %s"),
@ -128,8 +129,8 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
            #create chain based on configured policy
            self._setup_chains(firewall, ipt_mgr)

-            # apply the changes
-            ipt_mgr.apply()
+            # apply the changes immediately (no defer in firewall path)
+            ipt_mgr.defer_apply_off()

    def _get_chain_name(self, fwid, ver, direction):
        return '%s%s%s' % (CHAIN_NAME_PREFIX[direction],