Merge "Remove references to 0.0.0.0/0 in iptable rules"

2015-03-06 17:22:04 +00:00 · 2015-03-06 17:22:04 +00:00 · e742b4dd1c
parent aeae583fa5 deaa70bd75
commit e742b4dd1c
2 changed files with 6 additions and 6 deletions
--- a/neutron/agent/metadata/driver.py
+++ b/neutron/agent/metadata/driver.py
@ -88,12 +88,12 @@ class MetadataDriver(advanced_service.AdvancedService):
    @classmethod
    def metadata_filter_rules(cls, port, mark):
        return [('INPUT', '-m mark --mark %s -j ACCEPT' % mark),
-                ('INPUT', '-s 0.0.0.0/0 -p tcp -m tcp --dport %s '
+                ('INPUT', '-p tcp -m tcp --dport %s '
                 '-j DROP' % port)]

    @classmethod
    def metadata_mangle_rules(cls, mark):
-        return [('PREROUTING', '-s 0.0.0.0/0 -d 169.254.169.254/32 '
+        return [('PREROUTING', '-d 169.254.169.254/32 '
                 '-p tcp -m tcp --dport 80 '
                 '-j MARK --set-xmark %(value)s/%(mask)s' %
                 {'value': mark,
@ -101,7 +101,7 @@ class MetadataDriver(advanced_service.AdvancedService):

    @classmethod
    def metadata_nat_rules(cls, port):
-        return [('PREROUTING', '-s 0.0.0.0/0 -d 169.254.169.254/32 '
+        return [('PREROUTING', '-d 169.254.169.254/32 '
                 '-p tcp -m tcp --dport 80 -j REDIRECT '
                 '--to-port %s' % port)]

--- a/neutron/tests/unit/agent/metadata/test_driver.py
+++ b/neutron/tests/unit/agent/metadata/test_driver.py
@ -33,7 +33,7 @@ _uuid = uuidutils.generate_uuid
 class TestMetadataDriverRules(base.BaseTestCase):

    def test_metadata_nat_rules(self):
-        rules = ('PREROUTING', '-s 0.0.0.0/0 -d 169.254.169.254/32 '
+        rules = ('PREROUTING', '-d 169.254.169.254/32 '
                 '-p tcp -m tcp --dport 80 -j REDIRECT --to-port 8775')
        self.assertEqual(
            [rules],
@ -41,13 +41,13 @@ class TestMetadataDriverRules(base.BaseTestCase):

    def test_metadata_filter_rules(self):
        rules = [('INPUT', '-m mark --mark 0x1 -j ACCEPT'),
-                 ('INPUT', '-s 0.0.0.0/0 -p tcp -m tcp --dport 8775 -j DROP')]
+                 ('INPUT', '-p tcp -m tcp --dport 8775 -j DROP')]
        self.assertEqual(
            rules,
            metadata_driver.MetadataDriver.metadata_filter_rules(8775, '0x1'))

    def test_metadata_mangle_rules(self):
-        rule = ('PREROUTING', '-s 0.0.0.0/0 -d 169.254.169.254/32 '
+        rule = ('PREROUTING', '-d 169.254.169.254/32 '
                '-p tcp -m tcp --dport 80 '
                '-j MARK --set-xmark 0x1/%s' %
                metadata_driver.METADATA_ACCESS_MARK_MASK)