iptables: stop 'fixing' kernel sysctl bridge firewalling knobs
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| neutron |
Fix Released
|
Low
|
Boden R | ||
Bug Description
https:/
Dear bug triager. This bug was created since a commit was marked with DOCIMPACT.
Your project "openstack/neutron" is set up so that we directly report the documentation bugs against it. If this needs changing, the docimpact-group option needs to be added for the project. You can ask the OpenStack infra team (#openstack-infra on freenode) for help if you need to.
commit c1dfb53bf1db1fe
Author: Ihar Hrachyshka <email address hidden>
Date: Sat Feb 11 12:50:04 2017 +0000
iptables: stop 'fixing' kernel sysctl bridge firewalling knobs
Those are different on different kernel versions, and have reasonable
default values on all newer kernel versions, including RHEL. We
nevertheless made devstack to set those in the past; now I propose to
clean the code from neutron tree and leave it up to deployment tools to
fix in an unlikely case the system has broken default values.
Now that iptables firewall code does not trigger sysctl, we can also
remove this filter from the corresponding rootwrap .filters file.
DocImpact make sure deployment docs mention the expected sysctl knob
Change-Id: Iabf61021c90b05
Related-Bug: #1622914
| Changed in neutron: | |
| status: | New → Confirmed |
| importance: | Undecided → Low |
| assignee: | nobody → Boden R (boden) |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to neutron (master) | #1 |
| Changed in neutron: | |
| status: | Confirmed → In Progress |
| OpenStack Infra (hudson-openstack) wrote Fix merged to neutron (master) | #2 |
| Changed in neutron: | |
| status: | In Progress → Fix Released |
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/neutron 12.0.0.0b1 | #3 |
Fix proposed to branch: master
Review: https:/