← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1327071] [NEW] fwaas:Error not thrown when duplicate protocol options are present while creating firewall rule

 

Public bug reported:

Duplicate option Error not thrown, when creating firewall rule with duplicate option of protocol field. however error is throwing for action field while updating the firewall rule.
Steps to Reproduce: 
create firewall rule by specifying the protocol field two times
Actual Results: 
root@IH-HL-OSC:~# fwru r1 --protocol tcp --protocol icmp
Updated firewall_rule: r1
root@IH-HL-OSC:~# fwrl
+--------------------------------------+------+--------------------------------------+----------------------+---------+
| id                                   | name | firewall_policy_id                   | summary              | enabled |
+--------------------------------------+------+--------------------------------------+----------------------+---------+
| 7fd12232-2fd2-4fbc-a70b-2e3479f93392 | r1   | e8f3f423-0e38-4f58-85de-2ec9559cefb9 | ICMP,                | True    |
|                                      |      |                                      |  source: none(none), |         |
|                                      |      |                                      |  dest: none(22),     |         |
|                                      |      |                                      |  allow               |         |
| c81dd745-b71d-4879-a16e-401d9e60d68d | r2   |                                      | TCP,                 | True    |
|                                      |      |                                      |  source: none(none), |         |
|                                      |      |                                      |  dest: none(none),   |         |
|                                      |      |                                      |  allow               |         |
+--------------------------------------+------+--------------------------------------+----------------------+---------+
root@IH-HL-OSC:~# fwrc --name r2 --protocol icmp --action allow --action deny
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field                  | Value                                |
+------------------------+--------------------------------------+
| action                 | deny                                 |
| description            |                                      |
| destination_ip_address |                                      |
| destination_port       |                                      |
| enabled                | True                                 |
| firewall_policy_id     |                                      |
| id                     | bcdbe24d-93ac-4d2e-889d-ad6f8f5a2b29 |
| ip_version             | 4                                    |
| name                   | r2                                   |
| position               |                                      |
| protocol               | icmp                                 |
| shared                 | False                                |
| source_ip_address      |                                      |
| source_port            |                                      |
| tenant_id              | 8aac6cceec774dec8821d76e0c1bdd8c     |
+------------------------+--------------------------------------+
 
root@IH-HL-OSC:~# fwrc --name r2 --protocol icmp --action allow --protocol tcp
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field                  | Value                                |
+------------------------+--------------------------------------+
| action                 | allow                                |
| description            |                                      |
| destination_ip_address |                                      |
| destination_port       |                                      |
| enabled                | True                                 |
| firewall_policy_id     |                                      |
| id                     | af7de3ec-344c-44c0-98b2-bd7bc9db3d93 |
| ip_version             | 4                                    |
| name                   | r2                                   |
| position               |                                      |
| protocol               | tcp                                  |
| shared                 | False                                |
| source_ip_address      |                                      |
| source_port            |                                      |
| tenant_id              | 8aac6cceec774dec8821d76e0c1bdd8c     |
+------------------------+--------------------------------------+
root@IH-HL-OSC:~#
 
root@IH-HL-OSC:~# fwru --protocol icmp --action allow --action deny --protocol tcp
Duplicated options --action --action deny-----------------------------------------> error thrown for action

Expected Results: 
 
It should throw error when same option is given multiple times

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1327071

Title:
  fwaas:Error not thrown when duplicate protocol options are present
  while creating firewall rule

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  Duplicate option Error not thrown, when creating firewall rule with duplicate option of protocol field. however error is throwing for action field while updating the firewall rule.
  Steps to Reproduce: 
  create firewall rule by specifying the protocol field two times
  Actual Results: 
  root@IH-HL-OSC:~# fwru r1 --protocol tcp --protocol icmp
  Updated firewall_rule: r1
  root@IH-HL-OSC:~# fwrl
  +--------------------------------------+------+--------------------------------------+----------------------+---------+
  | id                                   | name | firewall_policy_id                   | summary              | enabled |
  +--------------------------------------+------+--------------------------------------+----------------------+---------+
  | 7fd12232-2fd2-4fbc-a70b-2e3479f93392 | r1   | e8f3f423-0e38-4f58-85de-2ec9559cefb9 | ICMP,                | True    |
  |                                      |      |                                      |  source: none(none), |         |
  |                                      |      |                                      |  dest: none(22),     |         |
  |                                      |      |                                      |  allow               |         |
  | c81dd745-b71d-4879-a16e-401d9e60d68d | r2   |                                      | TCP,                 | True    |
  |                                      |      |                                      |  source: none(none), |         |
  |                                      |      |                                      |  dest: none(none),   |         |
  |                                      |      |                                      |  allow               |         |
  +--------------------------------------+------+--------------------------------------+----------------------+---------+
  root@IH-HL-OSC:~# fwrc --name r2 --protocol icmp --action allow --action deny
  Created a new firewall_rule:
  +------------------------+--------------------------------------+
  | Field                  | Value                                |
  +------------------------+--------------------------------------+
  | action                 | deny                                 |
  | description            |                                      |
  | destination_ip_address |                                      |
  | destination_port       |                                      |
  | enabled                | True                                 |
  | firewall_policy_id     |                                      |
  | id                     | bcdbe24d-93ac-4d2e-889d-ad6f8f5a2b29 |
  | ip_version             | 4                                    |
  | name                   | r2                                   |
  | position               |                                      |
  | protocol               | icmp                                 |
  | shared                 | False                                |
  | source_ip_address      |                                      |
  | source_port            |                                      |
  | tenant_id              | 8aac6cceec774dec8821d76e0c1bdd8c     |
  +------------------------+--------------------------------------+
   
  root@IH-HL-OSC:~# fwrc --name r2 --protocol icmp --action allow --protocol tcp
  Created a new firewall_rule:
  +------------------------+--------------------------------------+
  | Field                  | Value                                |
  +------------------------+--------------------------------------+
  | action                 | allow                                |
  | description            |                                      |
  | destination_ip_address |                                      |
  | destination_port       |                                      |
  | enabled                | True                                 |
  | firewall_policy_id     |                                      |
  | id                     | af7de3ec-344c-44c0-98b2-bd7bc9db3d93 |
  | ip_version             | 4                                    |
  | name                   | r2                                   |
  | position               |                                      |
  | protocol               | tcp                                  |
  | shared                 | False                                |
  | source_ip_address      |                                      |
  | source_port            |                                      |
  | tenant_id              | 8aac6cceec774dec8821d76e0c1bdd8c     |
  +------------------------+--------------------------------------+
  root@IH-HL-OSC:~#
   
  root@IH-HL-OSC:~# fwru --protocol icmp --action allow --action deny --protocol tcp
  Duplicated options --action --action deny-----------------------------------------> error thrown for action

  Expected Results: 
   
  It should throw error when same option is given multiple times

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1327071/+subscriptions


Follow ups

References