review.fuel-infra Code Review - openstack-build/neutron-build.git/commit

author	Cedric Brandily <zzelle@gmail.com>
	Thu, 11 Dec 2014 13:10:30 +0000 (13:10 +0000)
committer	Cedric Brandily <zzelle@gmail.com>
	Wed, 7 Jan 2015 21:09:26 +0000 (21:09 +0000)
commit	2d9d77747d2a16a1bf944e15bf5a7b6fc5e3fe08
tree	b8852d9a65f910971bae263ecc5b21b04d231fcf	tree \| snapshot
parent	fcf0322c2a2608356378c3d56ab5ccaa34ad2f7a	commit \| diff

Correct l3-agent iptables rule for metadata proxy

2 iptables rules are defined to ensure the metadata proxy is reachable
from vms on 169.254.169.254:80:
* REDIRECT 169.254.169.254:80 packets to the router on port 9697
* ACCEPT traffic to 127.0.0.1 on port 9697

The REDIRECT rule replaces destination ip by:
* 127.0.0.1 if the packet is local,
* router ip (the one on the input interface, metadata proxy case).

So ACCEPT rule filter is not matched ... the metadata proxy is only
reachable because INPUT policy is ACCEPT.

This change removes the destination constraint in the ACCEPT rule.

Change-Id: Iea700bdd121bbc56a3489a63e2a5391867fad0d6
Closes-Bug: #1399462

neutron/agent/metadata/driver.py		diff \| blob \| history
neutron/tests/unit/agent/metadata/test_driver.py		diff \| blob \| history