commit d8f9c9447020f1708ebac2b210e3bfe1dbefe3fa
Author: Brian Haley <email address hidden>
Date: Thu Feb 15 13:57:32 2018 -0500
Only allow SG port ranges for whitelisted protocols
Iptables only supports port-ranges for certain protocols,
others will generate failures, possibly leaving the agent
looping trying to apply rules. Change to not allow port
ranges outside of the list of known good protocols.
This backport is based on commit
b564871bb759a38cf96527f94e7c7d4cc760b1c9, excluding validation
and tests for protocols where support for port ranges was
added later (in Pike, only TCP and UDP are supported).
Reviewed: https:/ /review. openstack. org/566922 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=d8f9c944702 0f1708ebac2b210 e3bfe1dbefe3fa
Committed: https:/
Submitter: Zuul
Branch: stable/pike
commit d8f9c9447020f17 08ebac2b210e3bf e1dbefe3fa
Author: Brian Haley <email address hidden>
Date: Thu Feb 15 13:57:32 2018 -0500
Only allow SG port ranges for whitelisted protocols
Iptables only supports port-ranges for certain protocols,
others will generate failures, possibly leaving the agent
looping trying to apply rules. Change to not allow port
ranges outside of the list of known good protocols.
This backport is based on commit 9a38cf96527f94e 7c7d4cc760b1c9, excluding validation
b564871bb75
and tests for protocols where support for port ranges was
added later (in Pike, only TCP and UDP are supported).
Conflicts:
neutron/ tests/unit/ db/test_ securitygroups_ db.py
Change-Id: I5867f77fc5aedc 169b42f50def042 4ff209c164c cf96527f94e7c7d 4cc760b1c9)
Closes-bug: #1749667
(cherry picked from commit b564871bb759a38