OpenStack Compute (nova)

Merge lp:~soren/nova/lp707601 into lp:~hudson-openstack/nova/trunk

  1. lp707601
  2. Merge into trunk
Proposed by Soren Hansen
Status: Merged
Merged at revision: 614
Proposed branch: lp:~soren/nova/lp707601
Merge into: lp:~hudson-openstack/nova/trunk
Prerequisite: lp:~tpatil/nova/bug707554
Diff against target: 11 lines (+1/-0)
1 file modified
nova/virt/libvirt_conn.py (+1/-0)
To merge this branch: bzr merge lp:~soren/nova/lp707601
Reviewer Review Type Date Requested Status
Vish Ishaya (community) Approve
Devin Carlen (community) Approve
Review via email: mp+47458@code.launchpad.net

Description of the change

Perform same filtering for OUTPUT as FORWARD in iptables.

This removes a way around the filtering for traffic originating on the guests's host (not from VM's on the same host, but traffic from the host itself).

To post a comment you must log in.
Revision history for this message
Devin Carlen (devcamcar) wrote :

lgtm

review: Approve
Revision history for this message
Vish Ishaya (vishvananda) wrote :

lgtm

review: Approve
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

No proposals found for merge of lp:~tpatil/nova/bug707554 into lp:nova.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'nova/virt/libvirt_conn.py'
2--- nova/virt/libvirt_conn.py 2011-01-25 20:38:20 +0000
3+++ nova/virt/libvirt_conn.py 2011-01-25 22:42:54 +0000
4@@ -1228,6 +1228,7 @@
5
6 our_chains += [':nova-local - [0:0]']
7 our_rules += ['-A FORWARD -j nova-local']
8+ our_rules += ['-A OUTPUT -j nova-local']
9
10 security_groups = {}
11 # Add our chains