openstack-manuals

grizzly: preserve order of pre-existing iptables chains

Bug #1128551 reported by Tom Fifield
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-manuals
Fix Released
Medium
Tom Fifield
openstack-manuals grizzly

Bug Description

https://review.openstack.org/21484 added two new configuration options to nova that allow for existing IPtables chains to be left alone.

    Adds new configuration options:

        iptables_top_regex='' (Default)
            When set treated as a regular expression to match
            iptables rules that should always be placed at the
            top of the table before the nova chains.

        iptables_bottom_regex='' (Default)
            When set treated as a regular expression to match
            iptables rules that should always be placed at the
            bottom of the table right before the COMMIT

  101 cfg.StrOpt('iptables_top_regex',
   102 default='',
   103 help='Regular expression to match iptables rule that should'
   104 'always be on the top.'),
   105 cfg.StrOpt('iptables_bottom_regex',
   106 default='',
   107 help='Regular expression to match iptables rule that should'
   108 'always be on the bottom.'),

Tags: nova
Tom Fifield (fifieldt)
Changed in openstack-manuals:
milestone: none → grizzly
status: New → Confirmed
importance: Undecided → Medium
tags: added: nova
Tom Fifield (fifieldt)
Changed in openstack-manuals:
assignee: nobody → Tom Fifield (fifieldt)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-manuals (master)

Fix proposed to branch: master
Review: https://review.openstack.org/22169

Revision history for this message
Tom Fifield (fifieldt) wrote :

https://review.openstack.org/22169

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-manuals (master)

Reviewed: https://review.openstack.org/22169
Committed: http://github.com/openstack/openstack-manuals/commit/362ca4e50cd822b23f54dad5a7cfd7dc88d7c054
Submitter: Jenkins
Branch: master

commit 362ca4e50cd822b23f54dad5a7cfd7dc88d7c054
Author: Tom Fifield <email address hidden>
Date: Mon Feb 18 16:08:12 2013 +1100

    Adding new iptables_regex_{top,bottom} options

    fixes bug 1128551

    iptables_regex_{top,bottom}, introduced in grizzly, allow operators
    to have greater control over what nova does with their iptables.

    This patch adds them to the config option list.

    Change-Id: I46dbcb331a623f93db828ba5c1d7f38595503d98

Changed in openstack-manuals:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.