neutron

  1. Bug #1696093
  2. Comment #7

Comment 7 for bug 1696093

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-fwaas (master)

Reviewed: https://review.openstack.org/471301
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=6a31bfbb3400fb818e7b2f15fa11337bafed80cd
Submitter: Jenkins
Branch: master

commit 6a31bfbb3400fb818e7b2f15fa11337bafed80cd
Author: wujun <email address hidden>
Date: Tue Jun 6 05:58:32 2017 -0400

    Modify an order between iptables and conntrack when update firewall

    When update a firewall, we should update the iptables firstly,
    and then remove the conntrack record, just like the function
    create_firewall() and create_firewall_group(). Otherwise, the
    contrack record could be reproduced. It will be occurred more
    easily in scenario of large flow, because removing conntrack
    and updating firewall will take some time, and in this interval
    the subsequent flow could be came to reproduced the same
    conntrack record.

    Change-Id: I7bd36964199c6ce7c146f3ef06a693e9c6fe5353
    Closes-bug: #1696093