Do not defer IPTables apply in firewall path
authorRajesh Mohan <rajesh_mohan3@dell.com>
Wed, 21 May 2014 02:41:26 +0000 (19:41 -0700)
committerRajesh Mohan <rajesh_mohan3@dell.com>
Wed, 21 May 2014 18:34:34 +0000 (11:34 -0700)
By default, iptables apply is deferred in L3 agent. For
external gateways, iptables is applied immediately (to
enable NAT for floating IP). Similarly, when firewall
is created/updated/deleted, iptables rules are applied
immediately.

Change-Id: I4f652a030ae23a71a2e20af2e8ef0ad5b882b80e
Closes-Bug: #1320775

neutron/services/firewall/drivers/linux/iptables_fwaas.py

index af3c44e4512768dad243cc9a8478e0892e713310..00a3ed7922c152791ca16da19db817991abe303c 100644 (file)
@@ -70,7 +70,8 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
                 ipt_mgr = router_info.iptables_manager
                 self._remove_chains(fwid, ipt_mgr)
                 self._remove_default_chains(ipt_mgr)
-                ipt_mgr.apply()
+                # apply the changes immediately (no defer in firewall path)
+                ipt_mgr.defer_apply_off()
         except (LookupError, RuntimeError):
             # catch known library exceptions and raise Fwaas generic exception
             LOG.exception(_("Failed to delete firewall: %s"), fwid)
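Review bot: `ipt_mgr.defer_apply_off()` on the delete path is used as "apply now", but going by its name it also switches deferral off on the router's shared `iptables_manager`, and nothing visible here switches it back on. If the L3 agent enabled deferral to batch its own changes, later `apply()` calls on the same manager would presumably take effect immediately, so a half-built rule set could be pushed while the agent is still editing chains. The same call is added in the hunks at -105 and -127. I would state the side effect in the comment, for example `# defer_apply_off() clears the deferred flag on the shared manager and applies now; callers that batch must re-enable deferral`, and confirm that the agent re-arms deferral on each router update. The enclosing method starts outside the hunk, so I cannot see whether a caller already restores the flag.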
@@ -105,8 +106,8 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
                 self._add_default_policy_chain_v4v6(ipt_mgr)
                 self._enable_policy_chain(fwid, ipt_mgr)
 
-                # apply the changes
-                ipt_mgr.apply()
+                # apply the changes immediately (no defer in firewall path)
+                ipt_mgr.defer_apply_off()
         except (LookupError, RuntimeError):
             # catch known library exceptions and raise Fwaas generic exception
             LOG.exception(_("Failed to apply default policy on firewall: %s"),
@@ -127,8 +128,8 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
             #create chain based on configured policy
             self._setup_chains(firewall, ipt_mgr)
 
-            # apply the changes
-            ipt_mgr.apply()
+            # apply the changes immediately (no defer in firewall path)
+            ipt_mgr.defer_apply_off()
 
     def _get_chain_name(self, fwid, ver, direction):
         return '%s%s%s' % (CHAIN_NAME_PREFIX[direction],