commit 66d4431f990b2da0d3b42493a499ab67e9a0020a
Author: Nguyen Phuong An <email address hidden>
Date: Wed Jan 31 14:54:53 2018 +0700
Remove disable option for default FWG and allow only on VM ports
Currently, auto associate default FWG works only one time and the logic
is broken if the new port is a DHCP port or router port. This patch
fixes the problem by validating if a port is a VM port or not,
ignores port binding failed or unbound and also adds trusted port
handling. In addition, for security perspective,
'auto_associate_default_firewall_group' CfgOpt is no longer used.
Automatic association with default firewall group with VM port
works by default.
Reviewed: https:/ /review. openstack. org/539461 /git.openstack. org/cgit/ openstack/ neutron- fwaas/commit/ ?id=66d4431f990 b2da0d3b42493a4 99ab67e9a0020a
Committed: https:/
Submitter: Zuul
Branch: master
commit 66d4431f990b2da 0d3b42493a499ab 67e9a0020a
Author: Nguyen Phuong An <email address hidden>
Date: Wed Jan 31 14:54:53 2018 +0700
Remove disable option for default FWG and allow only on VM ports
Currently, auto associate default FWG works only one time and the logic associate_ default_ firewall_ group' CfgOpt is no longer used.
is broken if the new port is a DHCP port or router port. This patch
fixes the problem by validating if a port is a VM port or not,
ignores port binding failed or unbound and also adds trusted port
handling. In addition, for security perspective,
'auto_
Automatic association with default firewall group with VM port
works by default.
Closes-Bug: #1746404 a99b851162d87f1 7f1a8ceb2dd
Co-Authored-By: Yushiro FURUKAWA<email address hidden>
Co-Authored-By: Chandan Dutta Chowdhury<email address hidden>
Change-Id: Ib567c0e0333335