yahoo-eng-team team mailing list archive

[Bug 1323299] [NEW] fwaas: firewall is not working for when destination ip address is VM's floating ip in firewall rule

 

Public bug reported:

DESCRIPTION:

Firewall is not working when setting the destination-ip-address as the VM's floating IP.

Steps to Reproduce:
1. Create one network and attach it to the newly created router.
2. Create VMs on the above network.
3. Create a security group rule for icmp.
4. Create an external network and attach it to the router as gateway.
5. Create a floating IP and associate it to the VMs.
6. Create a first firewall rule with protocol=icmp, action=deny and destination-ip-address as the floating IP.
7. Create a second firewall rule with protocol=any, action=allow.
8. Attach the rules to the policy and the policy to the firewall.
9. Ping the VM's floating IP from the network node that has the external network configured.

Actual Results: 
Ping succeeds

Expected Results: 
Ping should fail as per the firewall rule

** Affects: neutron
     Importance: Undecided
         Status: New

** Attachment added: "logs_fw.txt"
   https://bugs.launchpad.net/bugs/1323299/+attachment/4119875/+files/logs_fw.txt

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1323299
