Merge "Fix iptables rules comments" into stable/ussuri
commit
a75e214aa3
|
@ -387,6 +387,11 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
|
||||||
def _get_br_device_name(self, port):
|
def _get_br_device_name(self, port):
|
||||||
return ('brq' + port['network_id'])[:constants.LINUX_DEV_LEN]
|
return ('brq' + port['network_id'])[:constants.LINUX_DEV_LEN]
|
||||||
|
|
||||||
|
def _get_port_device_name(self, port):
|
||||||
|
if port['device'].startswith(constants.TAP_DEVICE_PREFIX):
|
||||||
|
return port['device'][4:]
|
||||||
|
return port['device']
|
||||||
|
|
||||||
def _get_jump_rules(self, port, create=True):
|
def _get_jump_rules(self, port, create=True):
|
||||||
zone = self.ipconntrack.get_device_zone(port, create=create)
|
zone = self.ipconntrack.get_device_zone(port, create=create)
|
||||||
if not zone:
|
if not zone:
|
||||||
|
@ -400,10 +405,10 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
|
||||||
if self._are_sg_rules_stateful(port_sg_rules):
|
if self._are_sg_rules_stateful(port_sg_rules):
|
||||||
# comment to prevent duplicate warnings for different devices using
|
# comment to prevent duplicate warnings for different devices using
|
||||||
# same bridge. truncate start to remove prefixes
|
# same bridge. truncate start to remove prefixes
|
||||||
comment = 'Set zone for %s' % port['device'][4:]
|
comment = 'Set zone for %s' % self._get_port_device_name(port)
|
||||||
conntrack = '--zone %s' % self.ipconntrack.get_device_zone(port)
|
conntrack = '--zone %s' % self.ipconntrack.get_device_zone(port)
|
||||||
else:
|
else:
|
||||||
comment = 'Make %s stateless' % port['device'][4:]
|
comment = 'Make %s stateless' % self._get_port_device_name(port)
|
||||||
conntrack = '--notrack'
|
conntrack = '--notrack'
|
||||||
rules = []
|
rules = []
|
||||||
for dev, match in ((br_dev, match_physdev), (br_dev, match_interface),
|
for dev, match in ((br_dev, match_physdev), (br_dev, match_interface),
|
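Review bot: `_get_port_device_name` in the first hunk strips a hard-coded four characters after checking `startswith(constants.TAP_DEVICE_PREFIX)`, so the slice length is not tied to the prefix it just matched. The new test builds its input as `'%s_name' % constants.TAP_DEVICE_PREFIX` and expects `"name"`, which only holds if the prefix is three characters long; a device name with no separator after the prefix would then lose the first character of its identifier in the rule comment. If the extra character is dropped deliberately so that existing rule comments stay unchanged, say so in a comment above the slice; otherwise use `return port['device'][len(constants.TAP_DEVICE_PREFIX):]` and add a test case whose identifier directly follows the prefix. `_get_jump_rules` starts and ends outside these hunks, so how the comment string is used further down is not visible here.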
||||||
|
|
|
@ -118,6 +118,15 @@ class BaseIptablesFirewallTestCase(base.BaseTestCase):
|
||||||
|
|
||||||
class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
|
class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
|
||||||
|
|
||||||
|
def test__get_port_device_name(self):
|
||||||
|
self.assertEqual(
|
||||||
|
"name",
|
||||||
|
self.firewall._get_port_device_name({'device': 'name'}))
|
||||||
|
self.assertEqual(
|
||||||
|
"name",
|
||||||
|
self.firewall._get_port_device_name(
|
||||||
|
{'device': '%s_name' % constants.TAP_DEVICE_PREFIX}))
|
||||||
|
|
||||||
def test_prepare_port_filter_with_no_sg(self):
|
def test_prepare_port_filter_with_no_sg(self):
|
||||||
port = self._fake_port()
|
port = self._fake_port()
|
||||||
self.firewall.prepare_port_filter(port)
|
self.firewall.prepare_port_filter(port)
|
||||||
|
|