Comment 24 for bug 1818385

Reviewed: https://review.openstack.org/642145
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=4350ed3c3556388eaa7f8623ed05b5adc86e9c16
Submitter: Zuul
Branch: master

commit 4350ed3c3556388eaa7f8623ed05b5adc86e9c16
Author: Brian Haley <email address hidden>
Date: Fri Mar 8 15:24:24 2019 -0500

    Better handle ports in security groups

    After taking a closer look at bug 1818385, I found a couple
    of follow-on things to fix in the security group code.

    First, there are very few protocols that accept ports,
    especially via iptables. For this reason I think it's
    acceptable that the API rejects them as invalid.

    Second, UDPlite has some interesting support in iptables. It
    does not support using --dport directly, but does using
    '-m multiport --dports 123', and also supports port ranges using
    '-m multiport --dports 123:124'. Added code for this special
    case.

    Change-Id: Ifb2e6bb6c7a2e2987ba95040ef5a98ed50aa36d4
    Closes-Bug: #1818385