From: Aaron Rosen <aaronorosen@gmail.com>
Date: Fri, 6 Dec 2013 19:12:33 +0000 (-0800)
Subject: Remove dead code _arp_spoofing_rule()
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=b67b20832a5bfccd1bbf8d1e63ebcd7061856881;p=openstack-build%2Fneutron-build.git

Remove dead code _arp_spoofing_rule()

This code should have been removed when the allowed_address_pair
extension was added here (0efce6195fa7be80e110bd841dc9b3537a94c376).
The arp spoofing rules are handled in the method _setup_spoof_filter_chain().

Reported by: Amir Sadoughi that this was crud I left behind :)

Change-Id: Ib0e2e2a5c13fb8fa7af1f988510143f40ac335e2
Closes-bug: #1258629
---

diff --git a/neutron/agent/linux/iptables_firewall.py b/neutron/agent/linux/iptables_firewall.py
index d12e214b3..b39c23e65 100644
--- a/neutron/agent/linux/iptables_firewall.py
+++ b/neutron/agent/linux/iptables_firewall.py
@@ -185,9 +185,6 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
                 for rule in port.get('security_group_rules', [])
                 if rule['direction'] == direction]
 
-    def _arp_spoofing_rule(self, port):
-        return '-m mac ! --mac-source %s -j DROP' % port['mac_address']
-
     def _setup_spoof_filter_chain(self, port, table, mac_ip_pairs, rules):
         if mac_ip_pairs:
             chain_name = self._port_chain_name(port, SPOOF_FILTER)