ContrailSecurity: UI need to provide an option to specify protocol and ports as part of Firewall Rule specifications

Bug #1732288 reported by Senthilnathan Murugappan
Affects | Status | Importance | Assigned to | Milestone
Juniper Openstack (status tracked in Trunk)
R4.1 | Won't Fix | High | Suresh Akula |
Trunk | Fix Committed | High | Suresh Akula |

Bug Description

Per specs
https://github.com/Juniper/contrail-controller/blob/master/specs/fw_security_enhancements.md#firewall-rule

we allow specifying protocol and ports as part of FW-Rule and the backend does support it and the same is true with log option. We need to add support for these in UI too.

Anish Mehta (amehta00) wrote :

This should work.
I tried to specify protocol port in firewall wizard (in "Services" section when writing a rule), it worked for me.
Please include your screenshots, and give more information.

Senthilnathan Murugappan (msenthil) wrote :

Anish,

We don't have an option to specify the Src Port and also the Port-Range for Dst Ports, like how we used to specify for Network Policy Rules.

- Senthil

Naga Kiran (nagakiran) wrote :

As of now, we can specify the combination of protocol and destination ports in "Services" like "TCP:100-200".
Will work on the options to support specifying source ports also post 4.1.

Naga Kiran (nagakiran) wrote :

To allow specifying both src ports and dst ports along with protocol, we will make the changes to allow the following input format for the "Services" field in the UI:

<protocol>:<srcPorts>:<dstPorts>
If only one set of ports is given (<protocol>:<dstPorts>), they will be interpreted as destination ports, which is the current behavior.

Will add an info icon, next to the "Services" field, that shows the help for allowed formats.
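
The "Services" input format proposed in the comment above, as an added example that is not part of the original thread or of the contrail-web-controller code: a strict JavaScript parser that rejects malformed input instead of widening the rule. The function names, the accepted protocol spellings, the `any` keyword, the rejection of a bare protocol with no ports, and the 0-65535 default for omitted source ports are assumptions.

```javascript
// Added example: strict parser for the "Services" field formats described above.
// Assumptions (not from the page): a protocol is letters only or a number 0-255;
// a port set is "any", a single port, or "start-end"; omitted source ports mean
// any port (0-65535); anything else is rejected rather than defaulted.
const ANY_PORTS = Object.freeze({ start: 0, end: 65535 });

function parsePortSet(text) {
  if (/^any$/i.test(text)) return { ...ANY_PORTS };
  const m = /^(\d{1,5})(?:-(\d{1,5}))?$/.exec(text);
  if (!m) throw new Error('invalid port set: "' + text + '"');
  const start = Number(m[1]);
  const end = m[2] === undefined ? start : Number(m[2]);
  if (start > 65535 || end > 65535) throw new Error('port out of range: "' + text + '"');
  if (start > end) throw new Error('reversed port range: "' + text + '"');
  return { start, end };
}

function parseService(input) {
  const fields = String(input).trim().split(":");
  if (fields.length < 2 || fields.length > 3) {
    throw new Error("expected <protocol>:<dstPorts> or <protocol>:<srcPorts>:<dstPorts>");
  }
  const protocol = fields[0].toLowerCase();
  const numeric = /^\d{1,3}$/.test(protocol) && Number(protocol) <= 255;
  if (!/^[a-z]+$/.test(protocol) && !numeric) {
    throw new Error('invalid protocol: "' + fields[0] + '"');
  }
  // Two fields: the ports are destination ports (the current behavior) and the
  // source side is unrestricted. Three fields: source ports, then destination ports.
  const [src, dst] = fields.length === 3 ? [fields[1], fields[2]] : ["any", fields[1]];
  return { protocol, srcPorts: parsePortSet(src), dstPorts: parsePortSet(dst) };
}

// Constructed sample inputs: two valid forms, then an empty field and a reversed range.
for (const s of ["TCP:100-200", "tcp:1024-65535:443", "udp::53", "tcp:200-100"]) {
  try {
    console.log(s, "=>", JSON.stringify(parseService(s)));
  } catch (e) {
    console.log(s, "=> rejected:", e.message);
  }
}
```

An empty source field such as `udp::53` is rejected here rather than read as "any", so a typo cannot silently produce a broader rule than the operator intended.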

OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/39387
Submitter: Rajiv Sah (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/39387
Committed: http://github.com/Juniper/contrail-web-controller/commit/a1a2cbb8f1d4f5e5c7173d1d5b2883c501f0d094
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit a1a2cbb8f1d4f5e5c7173d1d5b2883c501f0d094
Author: rajivks <email address hidden>
Date: Thu Feb 1 14:46:55 2018 +0530

UI need to provide an option to specify protocol and ports
as part of Firewall Rule specifications.

Added Protocol:srcPort:dstPort format

Change-Id: I65a68ec3caf449fc8cf0b968c2db793a50ba6b34
Closes-Bug: #1732288
