[Yahoo-eng-team] [Bug 1565705] [NEW] iptables duplicate rule warning on ports with multiple security groups

Mon, 04 Apr 2016 03:26:21 -0700 

Public bug reported:

If ports are members of multiple security groups, there may be duplicate
rules when it comes time to convert them to iptables rules (e.g. both
groups have a rule to allow TCP port 80). This results in warnings from
the iptables manager detecting duplicate rules that hint that there may
be a bug.

For example:

WARNING neutron.agent.linux.iptables_manager [req-
944a9996-062b-4588-9536-d5df779da344 - -] Duplicate iptables rule
detected. This may indicate a bug in the the iptables rule generation
code. Line: -A neutron-openvswi-oe4186b39-0 -j RETURN


This warning resulted from a port that was a member of two security groups that 
both allowed all EGRESS traffic.

** Affects: neutron
     Importance: Undecided
     Assignee: Kevin Benton (kevinbenton)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => Kevin Benton (kevinbenton)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1565705

Title:
  iptables duplicate rule warning on ports with multiple security groups

Status in neutron:
  New

Bug description:
  If ports are members of multiple security groups, there may be
  duplicate rules when it comes time to convert them to iptables rules
  (e.g. both groups have a rule to allow TCP port 80). This results in
  warnings from the iptables manager detecting duplicate rules that hint
  that there may be a bug.

  For example:

  WARNING neutron.agent.linux.iptables_manager [req-
  944a9996-062b-4588-9536-d5df779da344 - -] Duplicate iptables rule
  detected. This may indicate a bug in the the iptables rule generation
  code. Line: -A neutron-openvswi-oe4186b39-0 -j RETURN

  
  This warning resulted from a port that was a member of two security groups 
that both allowed all EGRESS traffic.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1565705/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to