yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1013893] Re: firewall blocking policy is hard coded to DROP

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 29 May 2013 10:28:49 -0000
Reply-to: Bug 1013893 <1013893@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: nova
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1013893

Title:
  firewall blocking policy is hard coded to DROP

Status in OpenStack Compute (Nova):
  Fix Released

Bug description:
  nova/virt/firewall.py: IptablesFirewallDriver is hard coded to DROP packets for connections that have not been authorized.
  It would be interesting/useful to be able to configure the behaviour in this area (e.g. some installations might choose REJECT to make it more obvious to users what is happening, or even add a LOG as well)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1013893/+subscriptions