FWaaS v2 fails to add ICMPv6 rules via horizon
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
In Progress
|
High
|
Brian Haley |
Bug Description
In rocky, FWaaS v2 fails to add the correct ip6tables rules for ICMPv6.
Steps to reproduce:
* Create rule with Protocol ICMP, IP version 6 in horizon
* Add the rule to a policy, and make sure the firewall group with that policy is attached to a port
* Login to the neutron network node that has the netns for your router and run ip6tables-save
Observe that your rule is added like:
-A neutron-
It should've added:
-A neutron-
Ubuntu 18.04
neutron-l3-agent 2:13.0.
python-
Changed in neutron: | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Brian Haley (brian-haley) |
It seems that at least fwaas/services/ firewall/ service_ drivers/ agents/ drivers/ linux/iptables_ fwaas_v2. py should works fine if You have this patch:
neutron_
https:/ /github. com/openstack/ neutron- fwaas/commit/ fa48d16d694269b 6b4245b90454448 f8e9895ed8
Can You check what driver are You using and if You have this patch already?