neutron

  1. Bug #1749667
  2. Comment #11

Comment 11 for bug 1749667

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/pike)

Reviewed: https://review.openstack.org/566922
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=d8f9c9447020f1708ebac2b210e3bfe1dbefe3fa
Submitter: Zuul
Branch: stable/pike

commit d8f9c9447020f1708ebac2b210e3bfe1dbefe3fa
Author: Brian Haley <email address hidden>
Date: Thu Feb 15 13:57:32 2018 -0500

    Only allow SG port ranges for whitelisted protocols

    Iptables only supports port-ranges for certain protocols,
    others will generate failures, possibly leaving the agent
    looping trying to apply rules. Change to not allow port
    ranges outside of the list of known good protocols.

    This backport is based on commit
    b564871bb759a38cf96527f94e7c7d4cc760b1c9, excluding validation
    and tests for protocols where support for port ranges was
    added later (in Pike, only TCP and UDP are supported).

    Conflicts:
        neutron/tests/unit/db/test_securitygroups_db.py

    Change-Id: I5867f77fc5aedc169b42f50def0424ff209c164c
    Closes-bug: #1749667
    (cherry picked from commit b564871bb759a38cf96527f94e7c7d4cc760b1c9)