ping still working after security group rule is created, updated, or deleted
Bug #1335375 reported by
shihanzhang
This bug affects 11 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
High
|
shihanzhang |
Bug Description
After we create an ICMP rule for a security group, even though we delete this rule, the VM in this security group ping still working once connected, there is a same problem in floatingIP, bug#1334926
The bug is relevant for any connections, including ssh, etc.
The problem is also encountered when adding or updating a rule to attempt to block traffic that is already established.
At the root of this problem is that conntrack marks related and established traffic and a rule exists to automatically accept it. Modifying SG rules only modifies rules for new traffic.
Changed in neutron: | |
assignee: | nobody → shihanzhang (shihanzhang) |
Changed in neutron: | |
importance: | Undecided → High |
tags: | added: sg-fw |
Changed in neutron: | |
assignee: | shihanzhang (shihanzhang) → akash (akashg1611) |
tags: | removed: l3-ipam-dhcp |
Changed in neutron: | |
assignee: | Akash Gangil (akashg1611) → Elena Ezhova (eezhova) |
description: | updated |
Changed in neutron: | |
status: | New → Confirmed |
summary: |
- ping still working once connected even after related security group rule - is deleted + ping still working after security group rule is created, updated, or + deleted |
description: | updated |
Changed in neutron: | |
assignee: | Elena Ezhova (eezhova) → shihanzhang (shihanzhang) |
status: | Confirmed → In Progress |
Changed in neutron: | |
milestone: | none → liberty-1 |
Changed in neutron: | |
milestone: | liberty-1 → liberty-2 |
Changed in neutron: | |
milestone: | liberty-2 → liberty-3 |
Changed in neutron: | |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | liberty-3 → 7.0.0 |
To post a comment you must log in.
That seems to be slightly related to https:/ /bugs.launchpad .net/neutron/ +bug/1334926