security-group-rule dose not work
Bug #1811673 reported by
Taoyunxiang
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
networking-ovn |
New
|
Undecided
|
Unassigned |
Bug Description
As we know,an whole security-group-rule should have two-direction rules,which are from and to.
when i create a port named portA with a security-group which has only one rule,accept packages to the port.
but when I ping another port from portA ,i got the reply packages.
i checked the logical_flow ,i found this logical flow,as fellows.
table=6 (ls_in_acl ), priority=65535, match=(ct.est && !ct.rel && !ct.new && !ct.inv && ct.rpl && ct_label.blocked == 0), action=(next;)
the flow above tells us ,the est and rpl packages are allowed.
i think this is not good ,but i can not found related codes.
To post a comment you must log in.