summaryrefslogtreecommitdiffstats
path: root/roles/os_firewall/library
diff options
context:
space:
mode:
authorAndrew Butcher <abutcher@redhat.com>2016-06-27 10:20:38 -0400
committerAndrew Butcher <abutcher@redhat.com>2016-06-27 15:31:40 -0400
commite88c4dc7765ae94e31c0050fabe64c213d08204c (patch)
tree2749266c6bfdcdb82d712793e7b09f645c5bd3f6 /roles/os_firewall/library
parentbf520e46e6916a4c9995ea95fa40cdd25f31209e (diff)
downloadopenshift-e88c4dc7765ae94e31c0050fabe64c213d08204c.tar.gz
openshift-e88c4dc7765ae94e31c0050fabe64c213d08204c.tar.bz2
openshift-e88c4dc7765ae94e31c0050fabe64c213d08204c.tar.xz
openshift-e88c4dc7765ae94e31c0050fabe64c213d08204c.zip
Check if last rule is DROP when inserting iptables rules.
Diffstat (limited to 'roles/os_firewall/library')
-rwxr-xr-xroles/os_firewall/library/os_firewall_manage_iptables.py10
1 files changed, 5 insertions, 5 deletions
diff --git a/roles/os_firewall/library/os_firewall_manage_iptables.py b/roles/os_firewall/library/os_firewall_manage_iptables.py
index 1cb539a8c..190016c14 100755
--- a/roles/os_firewall/library/os_firewall_manage_iptables.py
+++ b/roles/os_firewall/library/os_firewall_manage_iptables.py
@@ -37,14 +37,14 @@ class IpTablesSaveError(IpTablesError):
class IpTablesCreateChainError(IpTablesError):
- def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long
+ def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name
super(IpTablesCreateChainError, self).__init__(msg, cmd, exit_code,
output)
self.chain = chain
class IpTablesCreateJumpRuleError(IpTablesError):
- def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long
+ def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name
super(IpTablesCreateJumpRuleError, self).__init__(msg, cmd, exit_code,
output)
self.chain = chain
@@ -152,11 +152,11 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes
continue
last_rule_target = rule[1]
- # Naively assume that if the last row is a REJECT rule, then
- # we can add insert our rule right before it, otherwise we
+ # Naively assume that if the last row is a REJECT or DROP rule,
+ # then we can insert our rule right before it, otherwise we
# assume that we can just append the rule.
if (last_rule_num and last_rule_target
- and last_rule_target == 'REJECT'):
+ and last_rule_target in ['REJECT', 'DROP']):
# insert rule
cmd = self.cmd + ['-I', self.jump_rule_chain,
str(last_rule_num)]