Juniper Openstack

contrail-security: UI need to take a range of service ports in FWR rule and src and dst ports in ServiceGroup creation

Bug #1773236 reported by Senthilnathan Murugappan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R5.0
New
High
Sarin Kizhakkepurayil
Juniper Openstack r5.0.2
Trunk
New
High
Sarin Kizhakkepurayil
Juniper Openstack r5.1.0

Bug Description

1) Currently UI for 'Create of Service Group' doesnt have an option to specify the range of source ports but the Schema have options to specify both src and dst ports.

API Schema for SG:
https://github.com/Juniper/contrail-api-client/blob/38ceb7cf777b7794d47f08702a9d23d4eee7d4b5/schema/firewall_policy.xsd#L27

2) Option for specifying service in 'Create Firewall Rule' need to take range of ports for src-ports and dst-ports. Currently it takes only one port number for sport and dport.
(Protocol:SrcPort:DstPort has to become Protocol:SrcMinPort-SrcMaxPort:DstMinPort-DstMaxPort)

API schema for PortType:
https://github.com/Juniper/contrail-api-client/blob/063933c854a33ef584be0b477bec8f00df6534a2/schema/vnc_cfg.xsd#L161

Have attached screenshots of both the create tabs.

It would also be good to have ',' separated ports like tcp:0-65535:80,443 for dst-ports which would become couple of properties in api server portType like (tcp:0-65535:80) and (tcp:0-65535:443)

Revision history for this message
Senthilnathan Murugappan (msenthil) wrote :
Revision history for this message
Senthilnathan Murugappan (msenthil) wrote :

SG creation

Revision history for this message
Jeba Paulaiyan (jebap) wrote :

Contrail-command should be used from 5.0.1 and above. Keeping this open in 5.0.2 to address any gaps.

Jeba Paulaiyan (jebap)
tags: added: contrail-command
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.