Comment 4 for bug 1252620

Salvatore Orlando (salvatore-orlando) wrote : Re: security groups don't block unwanted traffic

The bug should therefore be: security groups not enforced anymore.

There is a related bug in nova I commented on (I seem to be unable to find it now).
Basically, a recent devstack commit changed the security group driver to the Noop driver in nova when using neutron, which makes sense.

This uncovered an issue in vif.py for libvirt, where the generic driver uses the hybrid mode only when the value for the firewall_driver option in nova.conf is != NoOpFirewallDriver.

I am not sure what the best fix for it would be, but since the generic vif driver relies on port binding data, I think port binding should instruct it to use the hybrid driver.