Fix FIP DNAT rule match_ports bug

When we create FIP in Neutron, default DNAT is created without passing match_ports to add_fip_nat_rules. However, when adding nat rules, [] is not None, and it goes ahead to create default DNAT rule only allowing TCP protocol which is wrong. We should ANY protocol for FIP DNAT. Closes-Bug: #1672939 Change-Id: Ib3743018646c521923bb8bbc5fad1409eb4fbe16
2017-03-14 16:12:51 +00:00 · 2017-03-14 16:12:51 +00:00 · 4fa7c0da15
parent e32c31e3cc
commit 4fa7c0da15
2 changed files with 2 additions and 2 deletions
--- a/vmware_nsxlib/v3/init.py
+++ b/vmware_nsxlib/v3/init.py
@ -416,7 +416,7 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
            body['match_destination_network'] = dest_net
        if rule_priority:
            body['rule_priority'] = rule_priority
-        if match_ports is not None:
+        if match_ports:
            body['match_service'] = {
                'resource_type': (match_resource_type or
                                  nsx_constants.L4_PORT_SET_NSSERVICE),
--- a/vmware_nsxlib/v3/router.py
+++ b/vmware_nsxlib/v3/router.py
@ -172,7 +172,7 @@ class RouterLib(object):
            translated_network=int_ip,
            dest_net=ext_ip,
            rule_priority=FIP_NAT_PRI,
-            match_ports=match_ports or [])
+            match_ports=match_ports)

    def delete_fip_nat_rules_by_internal_ip(self, logical_router_id, int_ip):
        self.nsxlib.logical_router.delete_nat_rule_by_values(