From cddf3388993539aad450de017070d7902d8ee29f Mon Sep 17 00:00:00 2001
From: Darragh O'Reilly <darragh.oreilly@hp.com>
Date: Wed, 3 Dec 2014 19:51:16 +0000
Subject: [PATCH] Make lb mechanism driver use enable_security_group flag

This patch allows Neutron security groups to be enabled or
disabled with the enable_security_group flag when using the
linuxbridge ml2 mechanism driver.

Closes-Bug: #1398996
Change-Id: I883c67c93e85668cd9d90b0486e448d906fdf8ed
---
 neutron/plugins/ml2/drivers/mech_linuxbridge.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/neutron/plugins/ml2/drivers/mech_linuxbridge.py b/neutron/plugins/ml2/drivers/mech_linuxbridge.py
index 2c52c2950..11d82d766 100644
--- a/neutron/plugins/ml2/drivers/mech_linuxbridge.py
+++ b/neutron/plugins/ml2/drivers/mech_linuxbridge.py
@@ -13,6 +13,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from neutron.agent import securitygroups_rpc
 from neutron.common import constants
 from neutron.extensions import portbindings
 from neutron.i18n import _LW
@@ -34,10 +35,11 @@ class LinuxbridgeMechanismDriver(mech_agent.SimpleAgentMechanismDriverBase):
     """
 
     def __init__(self):
+        sg_enabled = securitygroups_rpc.is_firewall_enabled()
         super(LinuxbridgeMechanismDriver, self).__init__(
             constants.AGENT_TYPE_LINUXBRIDGE,
             portbindings.VIF_TYPE_BRIDGE,
-            {portbindings.CAP_PORT_FILTER: True})
+            {portbindings.CAP_PORT_FILTER: sg_enabled})
 
     def check_segment_for_agent(self, segment, agent):
         mappings = agent['configurations'].get('interface_mappings', {})
-- 
2.45.2