review.fuel-infra Code Review - openstack-build/neutron-build.git/commit
Fix iptables modules references in rule generation
author Kevin Benton <blak111@gmail.com>
Mon, 5 Oct 2015 14:36:39 +0000 (07:36 -0700)
committer Kevin Benton <kevinbenton@buttewifi.com>
Mon, 12 Oct 2015 01:34:55 +0000 (01:34 +0000)
commit 292bdff78b91320ea40739e1ceb01c3cb1a31cc8
tree bfd23fc3d55273f64292b8829ba7fd17bf233c17
parent f3ccc38c88c0c479046b155eefbff51a22d59e0a
Fix iptables modules references in rule generation

The way we were generating rules with module references
for TCP, UDP, and ICMP was not matching the output of
iptables-save so all of the counters for those rules
were being destroyed on each iptables reload.

This patch corrects the generation so it's in line with
iptables-save output. It uses the matching module name only
when a specific port number or port range is specified.
It also uses the full 'ipv6-icmp' protocol name that shows
up in the output rather than 'icmpv6'.

Closes-Bug: #1502924
Change-Id: I1bf9a85cd299a7618d29c72991612898c5437442
neutron/agent/linux/iptables_firewall.py
neutron/tests/unit/agent/linux/test_iptables_firewall.py
neutron/tests/unit/agent/test_securitygroups_rpc.py
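
The counter loss described in the commit message, as an added sketch that is not Neutron's code: rules are generated in the spelling the message says iptables-save prints, and counters are carried over only when the rule text matches exactly. The function names, the `sg-demo` chain, the exact-text matching and the sample lines are assumptions made for illustration.

```python
import re

# Assumption: only this alias needs mapping to the name iptables-save prints.
SAVE_NAMES = {"icmpv6": "ipv6-icmp"}
COUNTED = re.compile(r"^\[(\d+):(\d+)\] (.+)$")

def protocol_args(protocol, port_min=None, port_max=None):
    """Return match arguments spelled the way iptables-save prints them."""
    if not protocol:
        return []
    args = ["-p", SAVE_NAMES.get(protocol, protocol)]
    if protocol in ("tcp", "udp") and port_min is not None:
        # The module reference appears only alongside a port or port range.
        ports = str(port_min)
        if port_max not in (None, port_min):
            ports += ":%d" % port_max
        args += ["-m", protocol, "--dport", ports]
    return args

def build_rule(chain, protocol, port_min=None, port_max=None, target="RETURN"):
    """Assemble one rule line (hypothetical helper, not a Neutron function)."""
    args = protocol_args(protocol, port_min, port_max)
    return " ".join(["-A", chain] + args + ["-j", target])

def carry_counters(saved_lines, new_rules):
    """Reuse [packets:bytes] from saved rules whose text matches exactly."""
    old = {}
    for line in saved_lines:
        m = COUNTED.match(line.strip())
        if m:
            old[m.group(3)] = (int(m.group(1)), int(m.group(2)))
    # A rule with no exact match in the saved output starts again at zero.
    return [(rule, old.get(rule, (0, 0))) for rule in new_rules]

# Constructed `iptables-save -c` style lines (not captured from a real host).
SAVED = [
    "[120:7200] -A sg-demo -p tcp -m tcp --dport 22 -j RETURN",
    "[5:300] -A sg-demo -p udp -j RETURN",
    "[9:648] -A sg-demo -p ipv6-icmp -j RETURN",
]

def demo():
    good = [build_rule("sg-demo", "tcp", 22), build_rule("sg-demo", "udp"),
            build_rule("sg-demo", "icmpv6")]
    # Constructed mismatches: module without a port, and the short protocol name.
    bad = ["-A sg-demo -p udp -m udp -j RETURN", "-A sg-demo -p icmpv6 -j RETURN"]
    return carry_counters(SAVED, good), carry_counters(SAVED, bad)
```

Rules whose generated text differs from the saved form in any way come back with `(0, 0)`, which is why per-rule packet and byte counts used for monitoring were lost on every reload.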