~soren/nova/doc-build-dir
» Revision
796
: plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py
« back to all changes in this revision
Viewing changes to plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py
- browse files at revision 796
- compare with another revision
- download diff
- download tarball
- view history from revision 796
- Committer: Tarmac
- Author(s): Eric Windisch
- Date: 2011-03-14 14:39:50 UTC
- mfrom: (786.3.2 nova)
- Revision ID: tarmac-20110314143950-ox02p2fw1v6qwne2
fixes: 733137
- files modified:
- plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py
added
removed
plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py
54
54
55
55
def execute(*command, return_stdout=False):
56
56
devnull = open(os.devnull, 'w')
57
command = map(str, command)
57
58
proc = subprocess.Popen(command, close_fds=True,
58
59
stdout=subprocess.PIPE, stderr=devnull)
59
60
devnull.close()
71
72
iptables = lambda *rule: execute('/sbin/iptables', *rule)
72
73
73
74
iptables('-D', 'FORWARD', '-m', 'physdev',
74
'--physdev-in', '%(VIF)s' % params,
75
'-s', '%(IP)s' % params,
75
'--physdev-in', params['VIF'],
76
'-s', params['IP'],
76
77
'-j', 'ACCEPT')
77
78
if command == 'online':
78
79
iptables('-A', 'FORWARD', '-m', 'physdev',
79
'--physdev-in', '%(VIF)s' % params,
80
'-s', '%(IP)s' % params,
80
'--physdev-in', params['VIF'],
81
'-s', params['IP'],
81
82
'-j', 'ACCEPT')
82
83
83
84
85
86
arptables = lambda *rule: execute('/sbin/arptables', *rule)
86
87
87
88
arptables('-D', 'FORWARD', '--opcode', 'Request',
88
'--in-interface', '%(VIF)s' % params,
89
'--source-ip', '%(IP)s' % params,
90
'--source-mac', '%(MAC)s' % params,
89
'--in-interface', params['VIF'],
90
'--source-ip', params['IP'],
91
'--source-mac', params['MAC'],
91
92
'-j', 'ACCEPT')
92
93
arptables('-D', 'FORWARD', '--opcode', 'Reply',
93
'--in-interface', '%(VIF)s' % params,
94
'--source-ip', '%(IP)s' % params,
95
'--source-mac', '%(MAC)s' % params,
94
'--in-interface', params['VIF'],
95
'--source-ip', params['IP'],
96
'--source-mac', params['MAC'],
96
97
'-j', 'ACCEPT')
97
98
if command == 'online':
98
99
arptables('-A', 'FORWARD', '--opcode', 'Request',
99
'--in-interface', '%(VIF)s' % params
100
'--source-ip', '%(IP)s' % params,
101
'--source-mac', '%(MAC)s' % params,
100
'--in-interface', params['VIF'],
101
'--source-mac', params['MAC'],
102
102
'-j', 'ACCEPT')
103
103
arptables('-A', 'FORWARD', '--opcode', 'Reply',
104
'--in-interface', '%(VIF)s' % params,
105
'--source-ip', '%(IP)s' % params,
106
'--source-mac', '%(MAC)s' % params,
104
'--in-interface', params['VIF'],
105
'--source-ip', params['IP'],
106
'--source-mac', params['MAC'],
107
107
'-j', 'ACCEPT')
108
108
109
109
130
130
'-i', params['VIF'], '-j', 'DROP')
131
131
if command == 'online':
132
132
ebtables('-I', 'FORWARD', '1', '-s', '!', params['MAC'],
133
'-i', '%(VIF)s', '-j', 'DROP')
133
'-i', params['VIF'], '-j', 'DROP')
134
134
135
135
136
136
if __name__ == "__main__":
Loggerhead is a web-based interface for Breezy
Version: 2.0.1