yahoo-eng-team team mailing list archive

[Xu Han Peng <pengxuhan@xxxxxxxxx>]

Public bug reported:

In current security group code, source_port_range_min and
source_port_range_max are used to specify icmp type and code when
security group rule protocol is icmp. However, the code _port_arg in
iptables_firewall called by _convert_sgr_to_iptables_rules skips
protocol icmp when processing the arg.

This happens to both ipv4 and ipv6 icmp firewall rules.

** Affects: neutron
     Importance: Undecided
     Assignee: Xu Han Peng (xuhanp)
         Status: In Progress

** Changed in: neutron
     Assignee: (unassigned) => Xu Han Peng (xuhanp)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1289088

Title:
  iptables firewall doesn't parse icmp type in security group rule

Status in OpenStack Neutron (virtual network service):
  In Progress

Bug description:
  In current security group code, source_port_range_min and
  source_port_range_max are used to specify icmp type and code when
  security group rule protocol is icmp. However, the code _port_arg in
  iptables_firewall called by _convert_sgr_to_iptables_rules skips
  protocol icmp when processing the arg.

  This happens to both ipv4 and ipv6 icmp firewall rules.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1289088/+subscriptions