Skip to content

Commit d841709

Browse files
committed
Merge remote-tracking branch 'origin/4.15' into main
2 parents 25206e4 + c1fc002 commit d841709

1 file changed

Lines changed: 3 additions & 1 deletion

File tree

scripts/vm/network/security_group.py

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1329,9 +1329,11 @@ def add_fw_framework(brname):
13291329

13301330
try:
13311331
refs = int(execute("""iptables -n -L %s | awk '/%s(.*)references/ {gsub(/\(/, "") ;print $3}'""" % (brfw,brfw)).strip())
1332+
refs_in = int(execute("""iptables -n -L %s-IN | awk '/%s-IN(.*)references/ {gsub(/\(/, "") ;print $3}'""" % (brfw,brfw)).strip())
1333+
refs_out = int(execute("""iptables -n -L %s-OUT | awk '/%s-OUT(.*)references/ {gsub(/\(/, "") ;print $3}'""" % (brfw,brfw)).strip())
13321334
refs6 = int(execute("""ip6tables -n -L %s | awk '/%s(.*)references/ {gsub(/\(/, "") ;print $3}'""" % (brfw,brfw)).strip())
13331335

1334-
if refs == 0:
1336+
if refs == 0 or refs_in == 0 or refs_out == 0:
13351337
execute("iptables -I FORWARD -i " + brname + " -j DROP")
13361338
execute("iptables -I FORWARD -o " + brname + " -j DROP")
13371339
execute("iptables -I FORWARD -i " + brname + " -m physdev --physdev-is-bridged -j " + brfw)

0 commit comments

Comments
 (0)