[Yahoo-eng-team] [Bug 1618082] [NEW] security rule with --protocol 255 does not gets programmed

Serguei Bezverkhi Mon, 29 Aug 2016 07:56:38 -0700

Public bug reported:

With the latest master (August 29, 2016) I see an issue with neutron
security group, these sequence of commands should create a group
allowign all traffic in or out:


neutron security-group-create  all-in-all-out
neutron security-group-rule-create --direction ingress --ethertype ipv4 
--protocol 255 --remote-ip-prefix 0.0.0.0/0  all-in-all-out  
neutron security-group-rule-create --direction ingress --ethertype ipv6 
--protocol 255 --remote-ip-prefix ::/0  all-in-all-out  

when this group gets attached to the instance, these rules do not get 
programmed. In order to be able to ping the instance from outside I need to add 
this rule:
 
neutron  security-group-rule-create --direction ingress --ethertype ipv4 
--protocol icmp --remote-ip-prefix 0.0.0.0/0 all-in-all-out

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1618082

Title:
  security rule with --protocol 255 does not gets programmed

Status in neutron:
  New

Bug description:
  With the latest master (August 29, 2016) I see an issue with neutron
  security group, these sequence of commands should create a group
  allowign all traffic in or out:

  neutron security-group-create  all-in-all-out
  neutron security-group-rule-create --direction ingress --ethertype ipv4 
--protocol 255 --remote-ip-prefix 0.0.0.0/0  all-in-all-out  
  neutron security-group-rule-create --direction ingress --ethertype ipv6 
--protocol 255 --remote-ip-prefix ::/0  all-in-all-out  

  when this group gets attached to the instance, these rules do not get 
programmed. In order to be able to ping the instance from outside I need to add 
this rule:
   
  neutron  security-group-rule-create --direction ingress --ethertype ipv4 
--protocol icmp --remote-ip-prefix 0.0.0.0/0 all-in-all-out

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1618082/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1618082] [NEW] security rule with --protocol 255 does not gets programmed

Reply via email to