From b67b20832a5bfccd1bbf8d1e63ebcd7061856881 Mon Sep 17 00:00:00 2001 From: Aaron Rosen Date: Fri, 6 Dec 2013 11:12:33 -0800 Subject: [PATCH] Remove dead code _arp_spoofing_rule() This code should have been removed when the allowed_address_pair extension was added here (0efce6195fa7be80e110bd841dc9b3537a94c376). The arp spoofing rules are handled in the method _setup_spoof_filter_chain(). Reported by: Amir Sadoughi that this was crud I left behind :) Change-Id: Ib0e2e2a5c13fb8fa7af1f988510143f40ac335e2 Closes-bug: #1258629 --- neutron/agent/linux/iptables_firewall.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/neutron/agent/linux/iptables_firewall.py b/neutron/agent/linux/iptables_firewall.py index d12e214b3..b39c23e65 100644 --- a/neutron/agent/linux/iptables_firewall.py +++ b/neutron/agent/linux/iptables_firewall.py @@ -185,9 +185,6 @@ class IptablesFirewallDriver(firewall.FirewallDriver): for rule in port.get('security_group_rules', []) if rule['direction'] == direction] - def _arp_spoofing_rule(self, port): - return '-m mac ! --mac-source %s -j DROP' % port['mac_address'] - def _setup_spoof_filter_chain(self, port, table, mac_ip_pairs, rules): if mac_ip_pairs: chain_name = self._port_chain_name(port, SPOOF_FILTER) -- 2.45.2