Paul, There's an extension for this that is, I think, presently only implemented by the Nicira plugin. Look for portsecurity. Whatever they do is probably the way you should do it too. Cheers, -- Ian. On 21 January 2014 13:10, CARVER, PAUL <pc2929 at att.com> wrote: > Feel free to tell me this is a bad idea and scold me for even asking, > but please help me figure out how to do it anyway. This is for a specific > tenant in a specific lab that was built specifically for that one tenant to > do some experimental work that requires VMs to route and other VMs to act > as DHCP/PXEBoot servers. > > > > I need to wrap a conditional around this line > https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_firewall.py#L201and this line > https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_firewall.py#L241for specific VM instances. > > > > The criteria could be something like pattern matching on the instance > name, or based on a specific flavor image type. I don’t much care what the > criteria is as long as it’s something the tenant can control. What I’m > hoping someone can provide me with is an example line of code or two with > which I can examine some property of the image that has been created from > within the specific file referenced above in order to wrap if statements > around those two lines of code so that I can prevent them from adding those > specific iptables rules in the specific cases where my tenant needs to > either route or respond to DHCP. > > > > Thanks > > > > -- > > Paul Carver > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140121/a19d91f5/attachment.html>