snat random-fully supported with iptables 1.6.0
Bug #1951564 reported by
Maximilian Stinsky
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Medium
|
Unassigned |
Bug Description
With the following report https:/
This is only getting applied with iptables 1.6.2 through a version check on the neutorn-l3-agent start.
--random-fully is already supported since iptables 1.6.0 for SNAT rules. 1.6.2 is only required for MASQUERADE.
As far as I can see neutron is only setting SNAT rules so it would be reasonable to decrease the version check to 1.6.0 - this would enable --random-fully for more deployments as ubuntu bionic for example only ships with iptables 1.6.1.
Changed in neutron: | |
status: | New → Confirmed |
Changed in neutron: | |
importance: | Undecided → Medium |
To post a comment you must log in.
Seems like really there's some support from 1.6.0: /www.netfilter. org/projects/ iptables/ files/changes- iptables- 1.6.0.txt
https:/
Thanks