Comment 8 for bug 1818385
Revision history for this message
| Doug Wiegley (dougwig) wrote Re: It's possible to add a security group rule for VRRP with a dport | #8 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
A little bit worse than that, since we also use the rules for basic connectivity in some cases, so sometimes no new VMs would ever work, and the ones that do would be open. And if the hypervisor is rebooted or the neutron agent restarted, all rules would end up wiped.
Your iptables would effectively be frozen at the point of the bad rule being inserted, whatever that was.
Workarounds include the patch, or using the OVS security group driver.