diff --git a/neutron/agent/linux/iptables_firewall.py b/neutron/agent/linux/iptables_firewall.py index ca6835a9efd..24b9ba979c9 100644 --- a/neutron/agent/linux/iptables_firewall.py +++ b/neutron/agent/linux/iptables_firewall.py @@ -186,7 +186,6 @@ class IptablesFirewallDriver(firewall.FirewallDriver): def prepare_port_filter(self, port): LOG.debug("Preparing device (%s) filter", port['device']) - self._remove_chains() self._set_ports(port) self._enable_netfilter_for_bridges() # each security group has it own chains diff --git a/neutron/tests/unit/agent/linux/test_iptables_firewall.py b/neutron/tests/unit/agent/linux/test_iptables_firewall.py index 0c6d71ea70c..a35b087947c 100644 --- a/neutron/tests/unit/agent/linux/test_iptables_firewall.py +++ b/neutron/tests/unit/agent/linux/test_iptables_firewall.py @@ -125,7 +125,6 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): mock.call.add_rule( 'sg-fallback', '-j DROP', comment=ic.UNMATCH_DROP), - mock.call.remove_chain('sg-chain'), mock.call.add_chain('sg-chain'), mock.call.add_chain('ifake_dev'), mock.call.add_rule('FORWARD', @@ -981,7 +980,6 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): 'sg-fallback', '-j DROP', comment=ic.UNMATCH_DROP), - mock.call.remove_chain('sg-chain'), mock.call.add_chain('sg-chain'), mock.call.add_chain('ifake_dev'), mock.call.add_rule('FORWARD', @@ -1253,7 +1251,6 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): 'sg-fallback', '-j DROP', comment=ic.UNMATCH_DROP), - mock.call.remove_chain('sg-chain'), mock.call.add_chain('sg-chain'), mock.call.add_chain('ifake_dev'), mock.call.add_rule( @@ -1494,7 +1491,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): self.firewall.prepare_port_filter(port_prepare) self.firewall.update_port_filter(port_update) self.firewall.remove_port_filter(port_update) - chain_applies.assert_has_calls([mock.call.remove({}, {}), + chain_applies.assert_has_calls([ mock.call.setup({'d1': port_prepare}, {}), mock.call.remove({'d1': port_prepare}, {}), mock.call.setup({'d1': port_update}, {}), @@ -1508,8 +1505,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): self.firewall.prepare_port_filter(port) with self.firewall.defer_apply(): self.firewall.remove_port_filter(port) - chain_applies.assert_has_calls([mock.call.remove({}, {}), - mock.call.setup(device2port, {}), + chain_applies.assert_has_calls([mock.call.setup(device2port, {}), mock.call.remove(device2port, {}), mock.call.setup({}, {})]) @@ -1544,7 +1540,6 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): mock.call.add_rule( 'sg-fallback', '-j DROP', comment=ic.UNMATCH_DROP), - mock.call.remove_chain('sg-chain'), mock.call.add_chain('sg-chain'), mock.call.add_chain('ifake_dev'), mock.call.add_rule('FORWARD', @@ -1629,7 +1624,6 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): mock.call.add_rule( 'sg-fallback', '-j DROP', comment=ic.UNMATCH_DROP), - mock.call.remove_chain('sg-chain'), mock.call.add_chain('sg-chain'), mock.call.add_chain('ifake_dev'), mock.call.add_rule('FORWARD',