ICMP secgroup rule must have --dst-port -1 to actually allow ICMP
Bug #1477629 reported by Jordan Pittier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
python-openstackclient | Fix Released | Medium | Dean Troyer | |
Bug Description
Hi,
Currently the correct syntax to authorize 'all ICMP traffic' is "openstack security group rule create default --proto icmp --dst-port -1". --dst-port -1 has to be specified. If you forget this part, then the rule is created okay (implicitly with --dst-port 0:0) which doesn't work, i.e. you can't ping your VM.
It will be more user friendly if we could just "openstack security group rule create default --proto icmp", and OSC would fill the '-1' under the hood to make Nova happy.
Changed in python-openstackclient:
status: New → Triaged
importance: Undecided → Medium
Changed in python-openstackclient:
assignee: nobody → Dean Troyer (dtroyer)
Changed in python-openstackclient:
status: Triaged → In Progress
Changed in python-openstackclient:
milestone: none → 1.7.0
status: Fix Committed → Fix Released
Reviewed: https://review.openstack.org/205306
Committed: https://git.openstack.org/cgit/openstack/python-openstackclient/commit/?id=e6706f252642e52dd9de556b92edb769afa57868
Submitter: Jenkins
Branch: master
commit e6706f252642e52dd9de556b92edb769afa57868
Author: Dean Troyer <email address hidden>
Date: Thu Jul 23 15:08:52 2015 -0500
Properly handle port arguments for ICMP
The Compute API requires 'from_port' and 'to_port' to be -1 for
ICMP security group rules. It happily accepts them empty or None
but the resulting rules do not work. So we force the values for
ICMP rules.
Closes-bug: #1477629
Change-Id: Iba57211014caca16be7c9a28d15d4db2a6c51b8d
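The behaviour described in the commit message, as an added example that is not the code from the commit or from python-openstackclient: it forces -1/-1 for ICMP when building a rule request, and audits existing rules for ICMP entries stored with the empty or 0:0 ports that the report says are accepted but do not work. The function names, the `ip_protocol` key and the rule-dict shape are assumptions, and the sample rules are constructed.

```python
ICMP_ANY = -1  # from_port/to_port value the Compute API needs for ICMP (per the commit message)


def parse_port_range(value):
    """Turn a --dst-port style string ('22', '8000:8100', '-1') into (from_port, to_port)."""
    low, _, high = str(value).strip().partition(":")
    high = high or low
    try:
        low, high = int(low), int(high)
    except ValueError:
        raise ValueError(f"invalid port range: {value!r}") from None
    if low > high:
        raise ValueError(f"port range is reversed: {value!r}")
    return low, high


def rule_ports(proto, dst_port="0:0"):
    """Return (from_port, to_port) for a rule request; the 0:0 default mirrors the bug report."""
    if proto.lower() == "icmp":
        # Force -1/-1 for ICMP whatever was (or was not) passed.
        return ICMP_ANY, ICMP_ANY
    return parse_port_range(dst_port)


def ineffective_icmp_rules(rules):
    """Pick out existing ICMP rules stored with the port values the page reports as not working."""
    broken = []
    for rule in rules:
        if str(rule.get("ip_protocol", "")).lower() != "icmp":
            continue
        ports = (rule.get("from_port"), rule.get("to_port"))
        # Empty/None or 0:0 is accepted by the API, but the VM still cannot be pinged.
        if ports in ((None, None), ("", ""), (0, 0)):
            broken.append(rule)
    return broken


# Constructed sample rules (hypothetical shape, not real API output).
SAMPLE_RULES = [
    {"id": "r1", "ip_protocol": "icmp", "from_port": 0, "to_port": 0},
    {"id": "r2", "ip_protocol": "icmp", "from_port": -1, "to_port": -1},
    {"id": "r3", "ip_protocol": "tcp", "from_port": 22, "to_port": 22},
    {"id": "r4", "ip_protocol": "ICMP", "from_port": None, "to_port": None},
]

if __name__ == "__main__":
    print(rule_ports("icmp"))
    print([r["id"] for r in ineffective_icmp_rules(SAMPLE_RULES)])
```

Rules flagged by the audit were created before the fix and need to be recreated with -1/-1 to take effect.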