Public bug reported:

When a user switches from the hybrid firewall to the OVS native firewall the iptables rules will be left behind on the filtering bridge. Since removing the bridge would require difficult coordination with Nova and it would be disruptive to traffic, that is currently not a viable approach.
To make the transition easier, the OVS firewall should at least detect when one of its VM ports contains a filtering bridge and drop all of the iptables rules on it so we don't have stale rules interfering with the traffic.

** Affects: neutron
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1721895

Title:
  OVS firewall should drop iptables rules if it detects a bridge

Status in neutron:
  New
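The detection step the report asks for can be sketched as follows. This is an added example, not Neutron code and not part of the original report: it finds ports that still have a filtering bridge and lists the iptables rules that match on their tap devices. It assumes the hybrid-plug naming of `qbr` and `tap` plus the first 11 characters of the port ID, covers only rules that name the tap device directly, and uses constructed port IDs, interfaces and `iptables-save` output.

```python
# Added illustration, not Neutron code. Naming is an assumption about hybrid
# plugging: bridge "qbr" + port_id[:11], VM tap device "tap" + port_id[:11].
DEV_ID_LEN = 11
DEVICE_FLAGS = {"--physdev-in", "--physdev-out", "-i", "-o"}


def hybrid_ports(port_ids, interfaces):
    """Map each port that still has a filtering bridge to its tap device."""
    present = set(interfaces)
    return {
        pid: "tap" + pid[:DEV_ID_LEN]
        for pid in port_ids
        if "qbr" + pid[:DEV_ID_LEN] in present
    }


def stale_rules(iptables_save, taps):
    """Return the rule lines of an iptables-save dump that match on one of taps."""
    taps = set(taps)
    stale = []
    for line in iptables_save.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "-A":
            continue  # skip table headers, chain declarations, COMMIT
        # A device-matching flag is followed directly by the device name.
        if any(f in DEVICE_FLAGS and d in taps for f, d in zip(tokens, tokens[1:])):
            stale.append(line)
    return stale


# Constructed sample data: one hybrid-plugged port, one natively plugged port.
PORTS = ["3f2a9c1e-7b44-4d0a-9e55-0c1d2e3f4a5b", "a1b2c3d4-e5f6-4789-8abc-def012345678"]
INTERFACES = ["lo", "eth0", "br-int", "qbr3f2a9c1e-7b", "qvb3f2a9c1e-7b",
              "qvo3f2a9c1e-7b", "tap3f2a9c1e-7b", "tapa1b2c3d4-e5"]
IPTABLES_SAVE = """*filter
:neutron-openvswi-FORWARD - [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A neutron-openvswi-FORWARD -m physdev --physdev-out tap3f2a9c1e-7b --physdev-is-bridged -j neutron-openvswi-sg-chain
-A neutron-openvswi-FORWARD -m physdev --physdev-in tap3f2a9c1e-7b --physdev-is-bridged -j neutron-openvswi-sg-chain
-A neutron-openvswi-sg-chain -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    found = hybrid_ports(PORTS, INTERFACES)
    for rule in stale_rules(IPTABLES_SAVE, found.values()):
        print("stale:", rule)
```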