Thank you, i am trying the following but look like it doesn't like it, Openstack Doc saying it should work. (i am running latest openstack)
# openstack security group create --stateless foo_sg Error while executing command: BadRequestException: 400, Unrecognized attribute(s) 'stateful' On Fri, Sep 10, 2021 at 4:05 PM Odintsov Vladislav <[email protected]> wrote: > > I’m not an openstack user, so leave this question to somebody > from openstack guys. > > Regards, > Vladislav Odintsov > > On 10 Sep 2021, at 23:00, Satish Patel <[email protected]> wrote: > > Thank you for your reply, > > Glad to know there is a workaround, i am little noob to OVN, could you > explain how to set higher priority ACL using "openstack security group > rule" command, because most of my users using terrafrom to deploy vms > and play with security-group and how do i tell allow-stateless when > create group using openstack clients? > > On Fri, Sep 10, 2021 at 3:54 PM Odintsov Vladislav <[email protected]> wrote: > > > Hi, > > with OVN 21.06+ you can create overriding ACLs with higher priority > than you currently have, with special "allow-stateless" verb, which ensures > packets bypassing conntrack. > > Regards, > Vladislav Odintsov > > On 10 Sep 2021, at 22:49, Satish Patel <[email protected]> wrote: > > Folk, > > We are a large shop of UDP applications so trying to find a way to > disable the conntrack for the entire UDP protocol stack, I did google > and dig into some ovn documentation but did not find any workaround > which allows disabling a conntrack on UDP protocol. > > Or another option i was thinking of is to disable ACL in OVS entirely > and then i will use iptables on vm because that way i can disable > conntrack using iptables. > > Anyone have any idea what to do if possible? > _______________________________________________ > discuss mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss > > > _______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
