openstack/neutron
Code Issues Proposed changes

Merge "Don't match input interface in POSTROUTING table"

Browse Source
This commit is contained in:
Zuul 2019-07-02 14:59:25 +00:00 committed by Gerrit Code Review
commit 29ccecebd7
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
neutron/agent/l3/router_info.py
View File

@ -883,9 +883,8 @@ class RouterInfo(BaseRouterInfo):
def _prevent_snat_for_internal_traffic_rule(self, interface_name): def _prevent_snat_for_internal_traffic_rule(self, interface_name):
return ( return (
'POSTROUTING', '! -i %(interface_name)s ' 'POSTROUTING', '! -o %(interface_name)s -m conntrack '
'! -o %(interface_name)s -m conntrack ! ' '! --ctstate DNAT -j ACCEPT' %
'--ctstate DNAT -j ACCEPT' %
{'interface_name': interface_name}) {'interface_name': interface_name})
def external_gateway_nat_fip_rules(self, ex_gw_ip, interface_name): def external_gateway_nat_fip_rules(self, ex_gw_ip, interface_name):