Ported the nova iptables manager code to neutron, so that we use iptables-save/restore with the -c flag to save/restore the chains and rules with their packet:byte counts.

All other changes were ported as well to keep the code as similar as possible between the two, although they will be different as I had to fix other bugs found during testing.

Updated tests accordingly to account for new calls and input/output changes in formatting.

Changed iptables_firewall code to add iptables rules in the same order that iptables-save will print them: source/dest, protocol, sport, dport, target; else iptables_manager won't be able to find them to preserve their [packet:byte] counts. Tweaked other rules accordingly as necessary.

Fixed a bug introduced in an earlier version of this patch where _modify_rules() sometimes wouldn't match an existing rule correctly if not top=true.

Fixes bug 1125393

Change-Id: I858c552d8a7ae24f52f8e8daa05ac37026705773
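The following added example (not code from this commit, Neutron or Nova) shows why rule argument order decides whether [packet:byte] counts survive a save/restore cycle. It assumes rules are matched by exact text; the chain name `sg-chain`, the helper names and the sample dump are constructed for illustration.

```python
import re

# Matches a rule line from `iptables-save -c`: "[packets:bytes] -A CHAIN ..."
RULE_RE = re.compile(r"^\[(\d+):(\d+)\]\s+(-A\s+.*)$")

# Constructed sample of `iptables-save -c` output (not captured from a real host).
SAVED = """\
*filter
:INPUT ACCEPT [120:9600]
:sg-chain - [0:0]
[42:2520] -A sg-chain -s 10.0.0.0/24 -p tcp -m tcp --dport 22 -j RETURN
[7:588] -A sg-chain -p icmp -j RETURN
COMMIT
""".splitlines()


def index_counters(saved_lines):
    """Map each saved rule's text to its (packets, bytes) counters."""
    counters = {}
    for line in saved_lines:
        m = RULE_RE.match(line.strip())
        if m:
            counters[m.group(3)] = (int(m.group(1)), int(m.group(2)))
    return counters


def with_counters(saved_lines, desired_rules):
    """Prefix each desired rule with its old counters, or [0:0] if unmatched.

    Assumption: matching is by exact rule text, so a rule only keeps its
    counters when it is written the way iptables-save prints it.
    """
    counters = index_counters(saved_lines)
    out = []
    for rule in desired_rules:
        pkts, byts = counters.get(rule, (0, 0))
        out.append("[%d:%d] %s" % (pkts, byts, rule))
    return out


# The same rule written two ways: in iptables-save order, and protocol first.
CANONICAL = "-A sg-chain -s 10.0.0.0/24 -p tcp -m tcp --dport 22 -j RETURN"
REORDERED = "-A sg-chain -p tcp -m tcp --dport 22 -s 10.0.0.0/24 -j RETURN"

if __name__ == "__main__":
    # Lines in the form iptables-restore -c accepts.
    for line in with_counters(SAVED, [CANONICAL, REORDERED]):
        print(line)
```

The reordered rule is functionally identical but comes back with `[0:0]`, which silently resets any traffic accounting or audit evidence that relied on that rule's counters.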