CLOUDSTACK-8925 - Drop the traffic when default egress is set to false
- The DROP rule should be appended and the other rules inserted.
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index 399e4e0..e9efa9b 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -97,12 +97,16 @@
self.rule['last_port'] = obj['src_port_range'][1]
self.rule['allowed'] = True
+ self.rule['action'] = "ACCEPT"
+
+ # In that case it means we are processing the default egress rule
if self.rule['type'] == 'all' and not obj['source_cidr_list']:
+ if self.rule['default_egress_policy'] == 'false':
+ self.rule['action'] = "DROP"
self.rule['cidr'] = ['0.0.0.0/0']
else:
self.rule['cidr'] = obj['source_cidr_list']
- self.rule['action'] = "ACCEPT"
logging.debug("AclIP created for rule ==> %s", self.rule)
def create(self):
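Review bot: The new check `if self.rule['default_egress_policy'] == 'false':` selects DROP only on an exact lowercase string match, so a boolean `False`, `'False'` or any other spelling leaves the default egress rule at `ACCEPT` for `0.0.0.0/0`, which is the fail-open direction for a firewall. Where `default_egress_policy` is populated is not visible in this hunk, so its type should be confirmed; if it can vary, normalise before comparing, e.g. `if str(self.rule['default_egress_policy']).lower() == 'false':`. The comment above the branch would also be clearer as `# type 'all' with no source CIDRs is the default egress rule; DROP when the default policy is deny`. The enclosing method starts before the hunk, so the key may be guaranteed by code not shown here.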