[FW Logging] NFLOG rules still remains after deleting log resource
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | Fix Released | Undecided | LongKB |
Bug Description
I have tested a logging feature for firewall_group in stable/rocky [1], and found a bug. Please follow the following testcase to reproduce this bug:
Environment:
- Devstack stable/rocky
- Install devstack with local.conf: http://
- Topology: Set up topology with the following script http://
Testcase
--------
- Create log resource:
openstack network log create --resource-type firewall_group --event accept testAccept
- Show iptables config:
router_
router_
sudo ip netns exec $router_ns iptables -nvL
- The results showed that NFLOG already added correctly into iptables: http://
Bug triggering
--------------
Delete log-resource with: openstack network log delete testAccept
Error logs: http://
=> Expectation: NFLOGs for ACCEPT disappear
=> Observed: NFLOGs for ACCEPT still remain => Bug
References:
[1] https:/
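A way to check the expectation above mechanically, as an added example that is not part of the original report or of neutron's code: it parses `iptables-save` output (rather than the `iptables -nvL` listing used in the report) and fails when any NFLOG rule is still present. The function names, chain names and sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# List NFLOG rules found in `iptables-save` output read from stdin.
# Prints one "table chain nflog-group" line per rule.
list_nflog_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table section
        $1 == "-A" {
            target = ""; group = 0              # NFLOG uses group 0 when none is given
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--nflog-group") group = $(i + 1)
            }
            if (target == "NFLOG") print table, $2, group
        }'
}

# Succeeds only when no NFLOG rule is left; otherwise prints the
# leftovers to stderr and returns 1.
assert_no_nflog() {
    leftovers=$(list_nflog_rules)
    [ -z "$leftovers" ] && return 0
    printf 'leftover NFLOG rules:\n%s\n' "$leftovers" >&2
    return 1
}

# Constructed samples: chain names, group number and prefix are made up.
SAMPLE_WITH_LOG='*filter
:EXAMPLE-accepted - [0:0]
-A FORWARD -j EXAMPLE-accepted
-A EXAMPLE-accepted -m limit --limit 100/sec --limit-burst 25 -j NFLOG --nflog-group 2 --nflog-prefix "1234"
-A EXAMPLE-accepted -j ACCEPT
COMMIT'
SAMPLE_CLEAN='*filter
:EXAMPLE-accepted - [0:0]
-A FORWARD -j EXAMPLE-accepted
-A EXAMPLE-accepted -j ACCEPT
COMMIT'

# Live use inside the router namespace from the report:
#   sudo ip netns exec "$router_ns" iptables-save | assert_no_nflog
```

Running the live command once after `openstack network log create` and once after `openstack network log delete` shows whether the delete actually removed the rules.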
summary:
- [FW Logging] NFLOG rules still remains after delete log resource
+ [FW Logging] NFLOG rules still remains after deleting log resource
Changed in neutron:
assignee: nobody → Kim Bao Long (longkb.fvl)
status: New → In Progress
description: updated
Hello Kim, thank you for your information.
I would like to ask you to provide extra information:
- which services/plugins did you have enabled on your Devstack?
- which commands did you execute to reproduce the issue?
- which commands did you execute to confirm the issue?
- could you provide logs from neutron services, please?
Thank you! Paweł