[openstack-dev] [Neutron] Selectively disabling certain built in iptables rules

CARVER, PAUL pc2929 at att.com
Tue Jan 21 12:10:21 UTC 2014

Feel free to tell me this is a bad idea and scold me for even asking, but please help me figure out how to do it anyway. This is for a specific tenant in a specific lab that was built specifically for that one tenant to do some experimental work that requires VMs to route and other VMs to act as DHCP/PXEBoot servers.

I need to wrap a conditional around this line https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_firewall.py#L201 and this line https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_firewall.py#L241 for specific VM instances.

The criteria could be something like pattern matching on the instance name, or based on a specific flavor image type. I don't much care what the criteria is as long as it's something the tenant can control. What I'm hoping someone can provide me with is an example line of code or two with which I can examine some property of the image that has been created from within the specific file referenced above in order to wrap if statements around those two lines of code so that I can prevent them from adding those specific iptables rules in the specific cases where my tenant needs to either route or respond to DHCP.


Paul Carver

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140121/7e71383d/attachment.html>

More information about the OpenStack-dev mailing list