iptables for secgroup not be set properly when set --no-security-group
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
High
|
yalei wang | ||
Juno |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
In the lastest code, iptables for secgroup not be set properly when set --no-security-
steps:
1. edit the 'default' secgroup, and add one rule for icmp.
#neutron security-
a
there will be one rule added for the ingress port iptale.
Chain neutron-
pkts bytes target prot opt in out source destination
...
0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0
...
2. remove the sec group of the port.
#neutron port-update 5edf1431-
I expect the rule created in step1 will be deleted which is created in step1, but not.
3. after reboot the ovs-agent, all the chain and rules about the port 5edf1431-
I think it is because security_
I am not sure if it's a bug, experts could help here.
description: | updated |
Changed in neutron: | |
assignee: | nobody → yalei wang (yalei-wang) |
description: | updated |
description: | updated |
Changed in neutron: | |
importance: | Undecided → High |
Changed in neutron: | |
milestone: | none → kilo-1 |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | kilo-1 → 2015.1.0 |
Fix proposed to branch: master /review. openstack. org/138633
Review: https:/