puppet-tripleo - not possible to create IPv4 or IPv6 only rules
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Harald Jensås |
Bug Description
In some cases firewall rules for IPv4 and IPv6 should not be the same. Two examples:
1. DHCPv6 uses UDP port number 546 for clients and port number 547 for servers. While DHCP (v4) uses UDP port number 67 for clients and port number 68 for servers.
2. For IPv4 protocol 'icmp', while for IPv6 'ipv6-icmp'
Currently the icmp difference is handled in puppet-tripleo[1], but for DHCP TrieplO currently open port 67 and 68 for both IPv4 and IPv6 and it does not open port 546 and 547 at all.
puppet-tripleo should support setting firewall rules for either IPv4 or IPv6 if the rule defines the ip_version. For rules not providing this info the current behaviour of adding the rule to both IPv4 and IPv6 firewall should be maintained.
[1] https:/
Changed in tripleo: | |
assignee: | nobody → Emilien Macchi (emilienm) |
Changed in tripleo: | |
assignee: | Emilien Macchi (emilienm) → Harald Jensås (harald-jensas) |
Fix proposed to branch: master /review. opendev. org/684384
Review: https:/