upstream/oracle/userland-gate: comparison components/openstack/neutron/files/agent/evs_l3

equal deleted inserted replaced

-:6c1c26005852
+:40c3d53194f6
 # for each of the internal ports, add Policy Based
 # Routing (PBR) rule
 for port in ri.internal_ports:
 internal_dlname = self.get_internal_device_name(port['id'])
-rules = ['pass in on %s to %s:%s from any to any' %
+rules = ['pass in on %s to %s:%s from any to !%s' %
-(internal_dlname, external_dlname, gw_ip)]
+(internal_dlname, external_dlname, gw_ip,
+port['subnet']['cidr'])]
 ipversion = netaddr.IPNetwork(port['subnet']['cidr']).version
 ri.ipfilters_manager.add_ipf_rules(rules, ipversion)
 def external_gateway_removed(self, ri, ex_gw_port,
 external_dlname, internal_cidrs):
 gw_ip = ex_gw_port['subnet']['gateway_ip']
 if gw_ip:
 # remove PBR rules
 for port in ri.internal_ports:
 internal_dlname = self.get_internal_device_name(port['id'])
-rules = ['pass in on %s to %s:%s from any to any' %
+rules = ['pass in on %s to %s:%s from any to !%s' %
-(internal_dlname, external_dlname, gw_ip)]
+(internal_dlname, external_dlname, gw_ip,
+port['subnet']['cidr'])]
 ipversion = netaddr.IPNetwork(port['subnet']['cidr']).version
 ri.ipfilters_manager.remove_ipf_rules(rules, ipversion)
 cmd = ['/usr/bin/pfexec', '/usr/sbin/route', 'delete', 'default',
 gw_ip]
 # network
 ex_gw_port = ri.ex_gw_port
 ex_gw_ip = (ex_gw_port['subnet']['gateway_ip'] if ex_gw_port else None)
 if ex_gw_ip:
 external_dlname = self.get_external_device_name(ex_gw_port['id'])
-rules.append('pass in on %s to %s:%s from any to any' %
+rules.append('pass in on %s to %s:%s from any to !%s' %
-(internal_dlname, external_dlname, ex_gw_ip))
+(internal_dlname, external_dlname, ex_gw_ip,
+port_subnet))
 ipversion = netaddr.IPNetwork(port_subnet).version
 ri.ipfilters_manager.add_ipf_rules(rules, ipversion)
 def internal_network_removed(self, ri, port):
 # external network addition
 ex_gw_port = ri.ex_gw_port
 ex_gw_ip = (ex_gw_port['subnet']['gateway_ip'] if ex_gw_port else None)
 if ex_gw_ip:
 external_dlname = self.get_external_device_name(ex_gw_port['id'])
-rules.append('pass in on %s to %s:%s from any to any' %
+rules.append('pass in on %s to %s:%s from any to !%s' %
-(internal_dlname, external_dlname, ex_gw_ip))
+(internal_dlname, external_dlname, ex_gw_ip,
+port_subnet))
 ipversion = netaddr.IPNetwork(port['subnet']['cidr']).version
 ri.ipfilters_manager.remove_ipf_rules(rules, ipversion)
 # remove the ippool
 ri.ipfilters_manager.remove_ippool(block_pname, None)

branch	s11u2-sru
changeset 3438	40c3d53194f6
parent 3364	25975ce9e810
child 4072	db0cec748ec0