This applies to iptables-based security group implementation too.
It is not specific to FWaaS.
Previously we had a similar issue in floating IP association,
and it was fixed by clearing related conntrackd entries.
I think it is worth investigating for iptables-related implementations
(both secgr
Hi,
I think Kazuhiro's concern is that if one wants to delete an "allow" rule
or change an "allow" rule to a "deny" rule, it does not work correctly because
a conntrack entry made by previous communication is not deleted in the
current implementation.
Thanks,
Itsuto Oda
On Wed, 8 Apr 2015 11:37:29 -0
Hi Miyashita,
The second rule is 'accept' on state being 'established' or 'related'. In
the case of ICMP, if a request has gone out from inside network, then the reply
to that will match this rule. A new ICMP message initiated from outside
will not match this rule.
I hope I understood your question c
Hi,
I want to ask about FWaaS iptables rule implementation.
Firewall rules are deployed as iptables rules in the network node, and the ACCEPT
target is set at the second rule (*).
Chain neutron-l3-agent-iv431d7bfbc (1 references)
pkts bytes target prot opt in out source destina
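
The behaviour discussed in this thread, as an added example that is not part of any message and is not Neutron or netfilter code: a toy model of a chain whose ESTABLISHED/RELATED ACCEPT rule is evaluated before the firewall rules, showing that removing an "allow" rule only affects new flows unless the matching conntrack entries are also cleared. The `Firewall` class, its methods and the addresses are constructed for illustration, and conntrack timeouts are ignored.

```python
# Toy model (constructed; not Neutron or netfilter code) of stateful filtering
# where "state ESTABLISHED,RELATED -> ACCEPT" precedes the firewall rules.
# Simplification: tracked flows never time out.

class Firewall:
    def __init__(self, allow_rules):
        self.allow_rules = set(allow_rules)  # explicit "allow" rules: (proto, dst)
        self.conntrack = set()               # tracked flows: (proto, src, dst)

    def handle(self, proto, src, dst):
        """Return 'ACCEPT' or 'DROP' for one packet, updating the flow table."""
        flow = (proto, src, dst)
        reply_of = (proto, dst, src)
        # Established flows (either direction) are accepted before any
        # allow/deny rule is consulted.
        if flow in self.conntrack or reply_of in self.conntrack:
            return "ACCEPT"
        # Only NEW flows reach the firewall rules.
        if (proto, dst) in self.allow_rules:
            self.conntrack.add(flow)
            return "ACCEPT"
        return "DROP"

    def delete_allow_rule(self, proto, dst, flush_conntrack=False):
        """Remove an allow rule; optionally clear the flows it had admitted."""
        self.allow_rules.discard((proto, dst))
        if flush_conntrack:
            self.conntrack = {f for f in self.conntrack
                              if not (f[0] == proto and f[2] == dst)}


def demo(flush):
    """Verdicts for: first packet, same flow after rule removal, a new flow."""
    fw = Firewall({("icmp", "10.0.0.5")})
    first = fw.handle("icmp", "192.0.2.10", "10.0.0.5")
    fw.delete_allow_rule("icmp", "10.0.0.5", flush_conntrack=flush)
    same_flow = fw.handle("icmp", "192.0.2.10", "10.0.0.5")
    new_flow = fw.handle("icmp", "192.0.2.99", "10.0.0.5")
    return first, same_flow, new_flow


if __name__ == "__main__":
    print("rule removed, conntrack kept:   ", demo(flush=False))
    print("rule removed, conntrack cleared:", demo(flush=True))
```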