Comment 7 for bug 1457900
Revision history for this message
| George Shuklin (george-shuklin) wrote | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
e3ace39
(Get the code!)
Well, I've looked around and I must agree, it have not easy solution. May be adding logic to dnsmasq... But otherwise iptables seems to be the single option.
But I have concern: should we apply them on the compute host? I think it should be limited only to outgoing traffic from neutron-dhcp-agent. Reason: Any additional iptables rules on compute will slow down neutron near 'fast path' with tenant traffic.
As far as I understand fix, it applied to tenant ports, not to dhcp-agent ports.