Public bug reported:

*Seen on:* Pike and master devstack with FWaaS v2

*Scenario:*
1. Create deny_icmp rule, a policy, a fw group, security group with all allowed.
2. Create 1 router, 2 subnets, fw group assigned to router ports.
3. Boot a VM in each subnet.
4. Check that iptables rules are applied and it is impossible to ping VMs by floating IP or from qrouter namespace.
5. Restart L3 agent.

*Expected result:*
After the restart iptables rules are reapplied in the same way and the traffic is still blocked.

*Actual result:*
In case when a firewall group contains several ports, iptables rules get re-written for each port and in the result only the chains for the last port in a loop remain.

Example scenario: http://paste.openstack.org/show/618908/

** Affects: neutron
   Importance: Undecided
   Assignee: Elena Ezhova (eezhova)
   Status: In Progress

** Tags: fwaas

** Changed in: neutron
   Assignee: (unassigned) => Elena Ezhova (eezhova)

** Tags added: fwaas

** Changed in: neutron
   Status: New => In Progress

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1712075

Title:
  [FWaaS v2] L3 agent restart breaks firewall iptables configuration for router ports

Status in neutron:
  In Progress
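A check for the condition described in the report, as an added example that is not part of the bug report or of neutron's code: it compares two `iptables-save` captures taken inside the qrouter namespace (before and after the L3 agent restart) and lists, per router port, the rules that disappeared. The interface names, chain names and sample captures below are constructed placeholders, not real FWaaS v2 chain names.

```python
import shlex

# Flags that bind an iptables-save rule to an interface.
IFACE_FLAGS = {"-i", "-o", "--in-interface", "--out-interface"}

# Constructed sample captures (hypothetical chain and port names).
BEFORE = """*filter
-A example-FORWARD -o qr-port-one -j example-fw-in
-A example-FORWARD -i qr-port-one -j example-fw-out
-A example-FORWARD -o qr-port-two -j example-fw-in
-A example-FORWARD -i qr-port-two -j example-fw-out
-A example-fw-in -p icmp -j DROP
COMMIT
"""
AFTER = """*filter
-A example-FORWARD -o qr-port-two -j example-fw-in
-A example-FORWARD -i qr-port-two -j example-fw-out
-A example-fw-in -p icmp -j DROP
COMMIT
"""

def rules_by_interface(text):
    """Map interface name -> set of (table, rule) pairs that reference it."""
    table, result = None, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*filter"
            table = line[1:]
        elif line.startswith("-A "):      # appended rule
            tokens = shlex.split(line)    # handles quoted --comment values
            for flag, value in zip(tokens, tokens[1:]):
                if flag in IFACE_FLAGS:
                    result.setdefault(value, set()).add((table, line))
    return result

def lost_rules(before_text, after_text, interfaces):
    """Return {interface: rules present before the restart but missing after}."""
    before = rules_by_interface(before_text)
    after = rules_by_interface(after_text)
    report = {}
    for iface in interfaces:
        missing = before.get(iface, set()) - after.get(iface, set())
        if missing:
            report[iface] = sorted(missing)
    return report

if __name__ == "__main__":
    for iface, rules in lost_rules(BEFORE, AFTER, ["qr-port-one", "qr-port-two"]).items():
        print(iface, "lost", len(rules), "rule(s) after restart")
```

An empty result for every port in the firewall group means the rules were reapplied in the same way; any port listed lost its firewall rules across the restart.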

