review.fuel-infra Code Review - openstack-build/neutron-build.git/commit

author	Xuhan Peng <xuhanp@cn.ibm.com>
	Fri, 7 Mar 2014 01:55:28 +0000 (20:55 -0500)
committer	Xuhan Peng <xuhanp@cn.ibm.com>
	Mon, 17 Mar 2014 07:06:21 +0000 (15:06 +0800)
commit	9c64da0a642148750d7e930d77278aa0977edf81
tree	6c2975b3bc05220517846d9f3380053e406748a7	tree \| snapshot
parent	ac141c28356c49ee0f88e93abbe5f02ac9abf95d	commit \| diff

Process ICMP type for iptables firewall

In current security group code, source_port_range_min
and source_port_range_max are used to specify icmp type
and code when security group rule protocol is icmp.
However, the code _port_arg in iptables_firewall called
by _convert_sgr_to_iptables_rules skips protocol icmp
when processing the arg. This happens to both ipv4 and
ipv6 icmp firewall rules.

This fix adds --icmp-type to iptables firewall rule when
icmp type is specified.

Closes-Bug: 1289088

Change-Id: Iebf109f246d47cffc26ab3c2cf113234a4b2cffe

neutron/agent/linux/iptables_firewall.py		diff \| blob \| history
neutron/tests/unit/test_iptables_firewall.py		diff \| blob \| history