Public bug reported:

If the iptables driver is used for security groups (e.g. in the Linuxbridge L2 agent), 
there is an issue with updating rules. When you have a rule which allows some kind 
of traffic (like ssh, for example, from some src IP address) and you have an 
established, active connection which matches this rule, the connection will still be 
active even if the rule is removed/changed.
It is because in iptables, in the chain for each SG, the first rule accepts 
packets with "state RELATED,ESTABLISHED".
I'm not sure if it is in fact a bug or maybe it's just a design decision to have 
better performance of iptables.

** Affects: neutron
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1657260

Title:
  Established connections don't stop when rule is removed

Status in neutron:
  New
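
The behaviour described in the report can be reproduced with a small model of a per-security-group chain. This is an added illustration, not part of the bug report and not neutron's code; the class and function names, the addresses, and the `flush_conntrack` option (modelling removal of the tracked entry, as `conntrack -D` does on a real host) are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass
class SgChain:
    """Toy model of one security-group chain (hypothetical, not neutron code)."""
    allow: set = field(default_factory=set)      # (src, dport, proto) allow rules
    conntrack: set = field(default_factory=set)  # flows tracked as ESTABLISHED

    def packet(self, flow: Flow) -> str:
        # First rule in the chain: accept anything already tracked, so such
        # packets never reach the per-rule matches below.
        if flow in self.conntrack:
            return "ACCEPT"
        # Explicit allow rules; a match starts tracking the flow.
        if (flow.src, flow.dport, flow.proto) in self.allow:
            self.conntrack.add(flow)
            return "ACCEPT"
        return "DROP"  # nothing matched

    def remove_rule(self, rule, flush_conntrack=False):
        self.allow.discard(rule)
        if flush_conntrack:
            # Also forget tracked flows that only this rule permitted.
            self.conntrack = {f for f in self.conntrack
                              if (f.src, f.dport, f.proto) != rule}

def demo(flush_conntrack: bool):
    rule = ("203.0.113.10", 22, "tcp")            # constructed sample rule
    chain = SgChain(allow={rule})
    ssh = Flow("203.0.113.10", "10.0.0.5", 22)    # constructed sample flow
    first = chain.packet(ssh)                     # session is established
    chain.remove_rule(rule, flush_conntrack)
    existing = chain.packet(ssh)                  # same session, after removal
    new = chain.packet(Flow("203.0.113.10", "10.0.0.6", 22))  # fresh attempt
    return first, existing, new

if __name__ == "__main__":
    print("rule removed only:      ", demo(False))
    print("rule + conntrack entry: ", demo(True))
```

With only the rule removed, the existing session keeps matching the state rule while new connections are dropped; once the tracked entry is gone as well, the existing session is dropped too.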
