[LB] Linux Bridge iptables firewall does not work without "ipset"

Bug #1922127 reported by Rodolfo Alonso
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Medium
Rodolfo Alonso

Bug Description

Linux Bridge iptables firewall does not work without "ipset". When "enable_ipset" config parameter is set to False, the LB iptables firewall raises the following exception: http://paste.openstack.org/show/804095/

Testing patch: https://review.opendev.org/c/openstack/neutron/+/783103

NOTE: this bug was found when testing the migration to "nft" from "iptables". "ipset" is not compatible with "nft" and the alternative to "ipset" implemented in native "nft" is not compatible with "iptables-nft" ("nft" using the "iptables" API, to make the transition easier). More info in: https://review.opendev.org/c/openstack/neutron/+/775413

Changed in neutron:
assignee: nobody → Rodolfo Alonso (rodolfo-alonso-hernandez)
tags: added: linuxbridge
Changed in neutron:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 16.3.2

This issue was fixed in the openstack/neutron 16.3.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 17.1.2

This issue was fixed in the openstack/neutron 17.1.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 18.1.0

This issue was fixed in the openstack/neutron 18.1.0 release.

Changed in neutron:
status: New → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 19.0.0.0rc1

This issue was fixed in the openstack/neutron 19.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers