Reviewed:  https://review.opendev.org/c/openstack/neutron/+/822562
Committed: https://opendev.org/openstack/neutron/commit/5e62eac7a97a251ab3f2330d65950a4b9e2a33cf
Submitter: "Zuul (22348)"
Branch:    master

commit 5e62eac7a97a251ab3f2330d65950a4b9e2a33cf
Author: Maximilian Stinsky <[email protected]>
Date:   Tue Dec 21 22:31:18 2021 +0100

    Reduce iptables version check from 1.6.2 to 1.6.0

    The check is required to check if --random-fully can be used.
    Neutron is only using MASQUERADE rules which --random-fully supports
    since version 1.6.0.

    Closes-Bug: #1951564
    Change-Id: I4d9a2f7d396d6cc8c958f5be635c2d3236e3fe4f

** Changed in: neutron
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1951564

Title:
  snat random-fully supported with iptables 1.6.0

Status in neutron:
  Fix Released

Bug description:
  With the following report
  https://bugs.launchpad.net/neutron/+bug/1814002 neutron was set to
  create SNAT rules with the --random-fully flag.

  This is only getting applied with iptables 1.6.2 through a version
  check on the neutron-l3-agent start.

  --random-fully is already supported since iptables 1.6.0 for SNAT
  rules. 1.6.2 is only required for MASQUERADE.

  As far as I can see neutron is only setting SNAT rules so it would be
  reasonable to decrease the version check to 1.6.0 - this would enable
  --random-fully for more deployments as Ubuntu bionic for example only
  ships with iptables 1.6.1.
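
The version gate discussed in the bug description, as an added example (not code from neutron or from the commit above). The per-target minimum versions are taken from the bug description; the function names and the sample `iptables --version` strings are constructed for illustration.

```python
import re

# Minimum iptables version for --random-fully per NAT target,
# as stated in the bug description (assumption taken from the page).
MIN_RANDOM_FULLY = {"SNAT": (1, 6, 0), "MASQUERADE": (1, 6, 2)}


def parse_iptables_version(output):
    """Return (major, minor, patch) from `iptables --version` output, or None."""
    m = re.search(r"v(\d+)\.(\d+)(?:\.(\d+))?", output)
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def supports_random_fully(version_output, target="SNAT"):
    """Gate the flag on a numeric tuple comparison, never on a string compare."""
    version = parse_iptables_version(version_output)
    if version is None:
        # Unknown version: leave the flag off so rule installation cannot fail.
        return False
    return version >= MIN_RANDOM_FULLY[target]


def snat_rule_args(to_source, version_output):
    """Build the argument list for an SNAT rule, adding the flag when supported."""
    args = ["-j", "SNAT", "--to-source", to_source]
    if supports_random_fully(version_output, "SNAT"):
        args.append("--random-fully")
    return args


if __name__ == "__main__":
    # Constructed sample outputs; 1.6.1 is the bionic version named in the report.
    for out in ("iptables v1.4.21", "iptables v1.6.1",
                "iptables v1.8.7 (nf_tables)", "iptables v1.10.0"):
        print(out, "->",
              "SNAT" if supports_random_fully(out, "SNAT") else "-",
              "MASQUERADE" if supports_random_fully(out, "MASQUERADE") else "-")
    # Why strings are the wrong type for this check: "1.10.0" sorts before "1.6.0".
    print("string compare 1.10.0 >= 1.6.0:", "1.10.0" >= "1.6.0")
```

With a 1.6.2 threshold applied to every target, the 1.6.1 host would get no `--random-fully` on its SNAT rules; the per-target table makes that gap visible.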

