yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1289088] Re: iptables firewall doesn't parse icmp type in security group rule

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Tue, 01 Apr 2014 12:04:42 -0000
Reply-to: Bug 1289088 <1289088@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1289088

Title:
  iptables firewall doesn't parse icmp type in security group rule

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  In current security group code, source_port_range_min and
  source_port_range_max are used to specify icmp type and code when
  security group rule protocol is icmp. However, the code _port_arg in
  iptables_firewall called by _convert_sgr_to_iptables_rules skips
  protocol icmp when processing the arg.

  This happens to both ipv4 and ipv6 icmp firewall rules.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1289088/+subscriptions

References

[Bug 1289088] [NEW] iptables firewall doesn't parse icmp type in security group rule
From: Xu Han Peng, 2014-03-07