[RFE] L3 - netfilter Contrack Helper Support
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Wishlist
|
Harald Jensås |
Bug Description
OS distributions started to disable the nf_conntrack_helper functionality by default. (Ubuntu Bionic) Without the nf_conntrack_helper traffic such as tftp and other protocols that require a nf_conntrack module will not work. (This became apparent with Openstack Ironic which uses tftp transfer boot images during Pre Boot Execution (PXE) stopped working.)
Deactivating the automatic conntrack helper assignment is better security practice, ref:
https:/
This RFE is for adding support in Neutron to configure protocol specific CT target rules. This was discussed in meeting[1] 2019-03-20 with consensus on adding an L3 extension.
Changed in neutron: | |
importance: | Undecided → Wishlist |
tags: |
added: rfe-triaged removed: rfe |
description: | updated |
description: | updated |
Changed in neutron: | |
assignee: | nobody → Harald Jensås (harald-jensas) |
status: | New → Incomplete |
status: | Incomplete → In Progress |
status: | In Progress → Fix Committed |
Changed in neutron: | |
status: | Fix Committed → Fix Released |
This RFE was approved by the drivers today, with the assumption that the behavior will be the same for all distros