** Changed in: neutron
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1823633
Title:
[RFE] L3 - netfilter Contrack Helper Support
Status in neutron:
Fix Released
Bug description:
OS distributions started to disable the nf_conntrack_helper
functionality by default. (Ubuntu Bionic) Without the
nf_conntrack_helper traffic such as tftp and other protocols that
require a nf_conntrack module will not work. (This became apparent
with Openstack Ironic which uses tftp transfer boot images during Pre
Boot Execution (PXE) stopped working.)
Deactivating the automatic conntrack helper assignment is better security
practice, ref:
https://github.com/regit/secure-conntrack-helpers/blob/master/secure-conntrack-helpers.rst
This RFE is for adding support in Neutron to configure protocol
specific CT target rules. This was discussed in meeting[1] 2019-03-20
with consensus on adding an L3 extension.
[1] http://eavesdrop.openstack.org/irclogs/%23openstack-
meeting/%23openstack-meeting.2019-03-20.log.html#t2019-03-20T14:47:08
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1823633/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
