
yahoo-eng-team team mailing list archive

[Bug 1303663] [NEW] Default security group wrong from Grizzly to IceHouse

 

Public bug reported:

Hi Guys,

There is a bug that prevents a true default security group creation.
The default rules can't permit all traffic in and out.

Below is how I fixed it.

            if s.get('name') == 'default':
                for ethertype in ext_sg.sg_supported_ethertypes:
                    # The "any" prefix has to match the rule's address family
                    any_prefix = '0.0.0.0/0' if ethertype == 'IPv4' else '::/0'
                    # Allow all incoming connections
                    ingress_rule = SecurityGroupRule(
                        id=uuidutils.generate_uuid(),
                        tenant_id=tenant_id,
                        security_group=security_group_db,
                        direction='ingress',
                        ethertype=ethertype,
                        remote_ip_prefix=any_prefix)
                    context.session.add(ingress_rule)
                    # Allow all outgoing connections
                    egress_rule = SecurityGroupRule(
                        id=uuidutils.generate_uuid(),
                        tenant_id=tenant_id,
                        security_group=security_group_db,
                        direction='egress',
                        ethertype=ethertype,
                        remote_ip_prefix=any_prefix)
                    context.session.add(egress_rule)

https://github.com/openstack/neutron/blob/master/neutron/db/securitygroups_db.py#L120

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1303663

Title:
  Default security group wrong from Grizzly to IceHouse

Status in OpenStack Neutron (virtual network service):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1303663/+subscriptions
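
An added example, not part of the original report and not Neutron code: a review-time check over rules shaped like the ones in the snippet, flagging ingress that is open to every source and prefixes whose address family does not match the ethertype. The function name, the dict layout and the sample rules are constructed; the ethertype values 'IPv4' and 'IPv6' and the reading of a missing prefix as "any source" are assumptions.

```python
import ipaddress

# Address family each ethertype value has to pair with (assumed values).
FAMILY = {"IPv4": 4, "IPv6": 6}


def audit_rules(rules):
    """Return (index, finding) tuples for rules a reviewer should look at."""
    findings = []
    for i, rule in enumerate(rules):
        ethertype = rule.get("ethertype")
        prefix = rule.get("remote_ip_prefix")
        if ethertype not in FAMILY:
            findings.append((i, "unknown-ethertype"))
            continue
        if prefix is None:
            # Assumption: no prefix means the rule matches any source.
            world = True
        else:
            try:
                net = ipaddress.ip_network(prefix, strict=False)
            except ValueError:
                findings.append((i, "invalid-prefix"))
                continue
            if net.version != FAMILY[ethertype]:
                findings.append((i, "family-mismatch"))
                continue
            # A zero-length prefix covers the whole address space.
            world = net.prefixlen == 0
        if world and rule.get("direction") == "ingress":
            findings.append((i, "ingress-open-to-any"))
    return findings


# Constructed sample: allow-all rules for both ethertypes, where the
# IPv6 rules carry an IPv4 prefix.
SAMPLE = [
    {"direction": d, "ethertype": e, "remote_ip_prefix": "0.0.0.0/0"}
    for e in ("IPv4", "IPv6")
    for d in ("ingress", "egress")
]

if __name__ == "__main__":
    for index, finding in audit_rules(SAMPLE):
        rule = SAMPLE[index]
        print(index, rule["direction"], rule["ethertype"], finding)
```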

