Comment 7 for bug 1745642

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/pike)

Reviewed: https://review.openstack.org/577393
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=a6ee16d72a11402d0b94ca8ed16410636ba74f48
Submitter: Zuul
Branch: stable/pike

commit a6ee16d72a11402d0b94ca8ed16410636ba74f48
Author: Chandan Dutta Chowdhury <email address hidden>
Date: Fri Jan 26 05:23:16 2018 +0000

    This patch changes the CT zone allocation range

    SG with hybrid-iptables driver uses per port conntrack zones.
    FWaaS port security uses per network conntrack zones based on
    local vlans assigned by ovs l2 agent.

    In case both SG iptables-hybrid driver and FWaaS port security are enabled,
    there is a possibility of iptables-hybrid and OVS based FWaaS driver
    allocating overlapping zones and creating security holes.

    This patch changes the zone allocation range for iptables and
    hybrid_iptables driver to 4097 - 65535, while OVS based
    port security driver can use zones based on local vlan range 1 - 4096.

    Closes-Bug: #1745642
    Change-Id: I4d51637ed1de8fe85b4982a03410d4a3f637ea3f
    (cherry picked from commit 9a620f6ea51f5696310283869e68f6a1d49164d1)
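
The overlap described in the commit message, as an added sketch that is not neutron's code: a per-port allocator and a per-network (local VLAN) zone mapping are compared under the two ranges. The class and function names, the lowest-free-zone policy and the pre-patch range starting at 1 are assumptions; the 1 - 4096 and 4097 - 65535 ranges come from the commit message.

```python
# Added illustration; names, allocation policy and the pre-patch range are assumptions.
VLAN_ZONE_RANGE = range(1, 4097)          # 1 - 4096: local VLAN based zones (commit message)
PATCHED_PORT_RANGE = range(4097, 65536)   # 4097 - 65535: iptables / hybrid_iptables (commit message)
ASSUMED_OLD_PORT_RANGE = range(1, 65536)  # assumption: per-port range used to start at 1


class PortZoneAllocator:
    """Hands out one conntrack zone per port, lowest free zone first (assumed policy)."""

    def __init__(self, zone_range):
        self.zone_range = zone_range
        self.port_to_zone = {}

    def allocate(self, port_id):
        # Re-use the zone already bound to this port, if any.
        if port_id in self.port_to_zone:
            return self.port_to_zone[port_id]
        used = set(self.port_to_zone.values())
        for zone in self.zone_range:
            if zone not in used:
                self.port_to_zone[port_id] = zone
                return zone
        raise RuntimeError("conntrack zone range exhausted")


def network_zone(local_vlan):
    """Per-network zone: the local VLAN id assigned by the L2 agent."""
    if local_vlan not in VLAN_ZONE_RANGE:
        raise ValueError("local VLAN outside 1 - 4096")
    return local_vlan


def overlapping_zones(port_range, port_ids, local_vlans):
    """Return the zones claimed both by a port and by a network."""
    alloc = PortZoneAllocator(port_range)
    port_zones = {alloc.allocate(p) for p in port_ids}
    net_zones = {network_zone(v) for v in local_vlans}
    return sorted(port_zones & net_zones)


PORTS = ["port-a", "port-b", "port-c"]  # constructed sample port ids
VLANS = [1, 2, 7]                       # constructed sample local VLAN ids

if __name__ == "__main__":
    # Shared zones mean unrelated flows share one conntrack table.
    print("assumed old range:", overlapping_zones(ASSUMED_OLD_PORT_RANGE, PORTS, VLANS))
    print("patched range:    ", overlapping_zones(PATCHED_PORT_RANGE, PORTS, VLANS))
```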