Revision d72c9d4f src/vnm_mad/remotes/lib/security_groups_iptables.rb


src/vnm_mad/remotes/lib/security_groups_iptables.rb
489 489
        chain_out = vars[:chain_out]
490 490

  
491 491
        commands = VNMNetwork::Commands.new
492
        commands.add :iptables, "-A #{chain_in} -j DROP"
492

  
493
        commands.add :iptables, "-A #{chain_in}  -j DROP"
493 494
        commands.add :iptables, "-A #{chain_out} -j DROP"
494
        commands.add :ip6tables, "-A #{chain_in} -j DROP"
495

  
496
        commands.add :ip6tables, "-A #{chain_in}  -j DROP"
495 497
        commands.add :ip6tables, "-A #{chain_out} -j DROP"
496 498

  
497 499
        commands.run!
......
504 506
        chain_in  = vars[:chain_in]
505 507
        chain_out = vars[:chain_out]
506 508

  
507
        info              = self.info
508
        iptables_forwards = info[:iptables_forwards]
509
        iptables_s        = info[:iptables_s]
510
        ip6tables_forwards= info[:ip6tables_forwards]
511
        ip6tables_s       = info[:ip6tables_s]
512
        ipset_list        = info[:ipset_list]
509
        info = self.info
510

  
511
        iptables_forwards  = info[:iptables_forwards]
512
        iptables_s         = info[:iptables_s]
513

  
514
        ip6tables_forwards = info[:ip6tables_forwards]
515
        ip6tables_s        = info[:ip6tables_s]
516

  
517
        ipset_list = info[:ipset_list]
513 518

  
514 519
        commands = VNMNetwork::Commands.new
515 520

  
......
532 537
        remove_chains = []
533 538
        iptables_s.lines.each do |line|
534 539
            if line.match(/^-N #{chain}(-|$)/)
535
                 remove_chains << line.split[1]
540
                remove_chains << line.split[1]
536 541
            end
537 542
        end
538 543
        remove_chains.each {|c| commands.add :iptables, "-F #{c}" }
539 544
        remove_chains.each {|c| commands.add :iptables, "-X #{c}" }
540
        remove_chains.each {|c| commands.add :ip6tables, "-F #{c}" }
541
        remove_chains.each {|c| commands.add :ip6tables, "-X #{c}" }
545

  
546
        remove_chains_6 = []
547
        ip6tables_s.lines.each do |line|
548
            if line.match(/^-N #{chain}(-|$)/)
549
                remove_chains_6 << line.split[1]
550
            end
551
        end
552
        remove_chains_6.each {|c| commands.add :ip6tables, "-F #{c}" }
553
        remove_chains_6.each {|c| commands.add :ip6tables, "-X #{c}" }
542 554

  
543 555
        ipset_list.lines.each do |line|
544 556
            if line.match(/^#{chain}(-|$)/)
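Review bot: The new ip6tables scan (new lines 547-549) interpolates `chain` into the pattern unescaped, as the existing iptables scan at 539 and the ipset scan at 556 also do, so any regex metacharacter in the chain name would widen the match and queue `-F`/`-X` for chains that belong to a different NIC. `chain` is assigned outside the visible lines, so whether it can ever contain such characters cannot be confirmed from this page; escaping it is cheap either way: `if line.match(/^-N #{Regexp.escape(chain)}(-|$)/)`. The same block calls `ip6tables_s.lines` directly, which would raise if `info[:ip6tables_s]` were nil on a host with no ip6tables output; presumably `info` always returns a string there, but that is worth confirming before relying on this cleanup path. The ipset loop that starts at new line 555 continues past the end of the section shown here.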
