neutron

nvp security groups needs explict egress rules

Bug #1150378 reported by Aaron Rosen
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
High
Aaron Rosen
neutron 2013.1 "grizzly"

Bug Description

A change was made to quantum so that security groups would have rules that explicitly stated that egress traffic is allowed. These need to be added to the nvp_plugin.

Tags: nicira
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/23736

Changed in quantum:
status: New → In Progress
Aaron Rosen (arosen)
Changed in quantum:
milestone: none → grizzly-rc1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to quantum (master)

Reviewed: https://review.openstack.org/23736
Committed: http://github.com/openstack/quantum/commit/6bb31ed9f1a9291b9940473ebafb338f96ab3b84
Submitter: Jenkins
Branch: master

commit 6bb31ed9f1a9291b9940473ebafb338f96ab3b84
Author: Aaron Rosen <email address hidden>
Date: Wed Mar 6 12:21:08 2013 -0800

    Add explicit egress rules to nvp security profile

    The following commit 7e26074b changed the previous behavior of quantum
    security groups by explicitly adding egress rules to the security profile.
    When these rules are removed the vm is no longer able to send traffic out.

    This patch adds these rules for NVP. One thing to note in the patch
    is that now a bunk rule of IPv4 127.0.0.1/32 is added to each security
    profile. The reason for this is by default NVP security profiles allow
    all egress traffic until a rule is added and then it just lets traffic
    matching those rules out. Adding this bunk rule achieves this behavior
    that quantum now uses.

    Fixes bug 1150378

    Change-Id: I005880fcf39d539ae99be428d75c43cc0b39a7b6

Changed in quantum:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in quantum:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in quantum:
milestone: grizzly-rc1 → 2013.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.