iptables rules for linuxbridge ignore bridge_mappings

Bug #1761070 reported by Sam Morrison
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
neutron | Won't Fix | Medium | Unassigned |

Bug Description

We have bridge_mappings set for linuxbridge agent to use a non-standard bridge naming convention.

This works in all places apart from the setting of zone rules in iptables.

The code in neutron/agent/linux/iptables_firewall.py doesn't take into account mappings and just uses the default bridge name which is derived from the network ID.

Lujin Luo (luo-lujin) wrote :

Hi, could you please provide more details about the issue? What kind of error messages are you seeing when neutron/agent/linux/iptables_firewall.py takes the default bridge name from the network ID? How can we reproduce it?

Sam Morrison (sorrison) wrote :

If I have the following set:

[linux_bridge]
bridge_mappings=physnet0:br0

Then all my tap devices are attached to the br0 bridge.

However, the iptables rules that are created to set the zone for the interface specify the wrong bridge device, e.g.:

-A neutron-linuxbri-PREROUTING -m physdev --physdev-in brqec0080be-fe -m comment --comment "Set zone for 7664b1f-8b" -j CT --zone 8
-A neutron-linuxbri-PREROUTING -i brqec0080be-fe -m comment --comment "Set zone for 7664b1f-8b" -j CT --zone 8

It should be br0, not brqec0080be-fe.

Does that make sense?
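
An added example, not part of the original report and not neutron code: a small audit that parses iptables-save text and flags "Set zone" CT rules whose input device is not a bridge actually in use on the host. The function names are hypothetical, the sample rules are the two quoted in the comment above, and it assumes every bridge on the host comes from bridge_mappings, as in the report.

```python
import re

# Constructed sample: the two rules quoted in the report, as iptables-save text.
SAMPLE_RULES = (
    '-A neutron-linuxbri-PREROUTING -m physdev --physdev-in brqec0080be-fe '
    '-m comment --comment "Set zone for 7664b1f-8b" -j CT --zone 8\n'
    '-A neutron-linuxbri-PREROUTING -i brqec0080be-fe '
    '-m comment --comment "Set zone for 7664b1f-8b" -j CT --zone 8\n'
)

# Matches the "Set zone" CT rules in the form shown in the report.
ZONE_RULE = re.compile(
    r'^-A \S+ .*?(?:--physdev-in|-i) (?P<dev>\S+) .*'
    r'--comment "Set zone for (?P<port>[^"]+)" -j CT --zone (?P<zone>\d+)$'
)


def parse_bridge_mappings(value):
    """Parse 'physnet0:br0,physnet1:br1' into {'physnet0': 'br0', ...}."""
    mappings = {}
    for item in filter(None, (p.strip() for p in value.split(","))):
        physnet, sep, bridge = (s.strip() for s in item.partition(":"))
        if not (sep and physnet and bridge):
            raise ValueError(f"malformed bridge_mappings entry: {item!r}")
        mappings[physnet] = bridge
    return mappings


def audit_zone_rules(rules_text, bridges_in_use):
    """Return (port, device, zone) for zone rules naming an unused bridge."""
    findings = []
    for line in rules_text.splitlines():
        m = ZONE_RULE.match(line.strip())
        if m and m["dev"] not in bridges_in_use:
            findings.append((m["port"], m["dev"], int(m["zone"])))
    return findings


if __name__ == "__main__":
    # Assumption: every bridge on this host comes from bridge_mappings.
    in_use = set(parse_bridge_mappings("physnet0:br0").values())
    for port, dev, zone in audit_zone_rules(SAMPLE_RULES, in_use):
        print(f"zone {zone} rule for port {port} matches {dev}, "
              f"expected one of {sorted(in_use)}")
```

On a host with other bridges in use, pass the full set of bridge device names as `bridges_in_use` instead of only the mapped ones.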

Lujin Luo (luo-lujin)
Changed in neutron:
importance: Undecided → Medium
Rodolfo Alonso (rodolfo-alonso-hernandez) wrote :

Bug closed due to lack of activity, please feel free to reopen if needed.

Changed in neutron:
status: New → Won't Fix