← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #16294

[Bug 1330913] [NEW] fwaas: After deleting all routers or interfaces firewall status should not show as active

  Thread PreviousDate PreviousThread Next 
Public bug reported:

After deleting all routers firewall status should not show as active

>From Admin tenant as well as user tenant, Firewall becomes active as per the below steps
1. create firewall  (after creating firewall rule and policy)
2. create router
3. Add at least one network interface to the router
4. firewall becomes active

However from admin tenant, if we create router and then firewall ,
firewall becomes active without the need of adding any network interface
to the router . but in this sequence of firewall creation, firewall
becomes active in user tenant only after adding any interface to the
router.

In both the above cases, firewall doesn't become inactive or down when
deleting all the interfaces in the router or deleting all the router

 
Steps to Reproduce: 
1. create firewall rule  and attach it to the newly created  firewall policy 
2. create firewall with the above policy.
3. create router and attach any network interface
4. firewall becomes active
5. remove the network interface from router or delete the router 
Actual Results: 
firewall status shows as active
 Expected results:
firewall status should show as DOWN

root@IGA-OSC:~# rid r1 55088e59-ad2b-4691-9a2f-85aa540a5743
Removed interface from router r1.
root@IGA-OSC:~# rid r1 fb8b1745-8be8-44a9-bf94-15dad4cd6c1d
Removed interface from router r1.
root@IGA-OSC:~# rd r1
Deleted router: r1
root@IGA-OSC:~# fws f1
+--------------------+--------------------------------------+
| Field              | Value                                |
+--------------------+--------------------------------------+
| admin_state_up     | True                                 |
| description        |                                      |
| firewall_policy_id | 9db0f412-0e35-4786-bd9e-9f28a6de9b3e |
| id                 | 6422127f-cc81-4f37-a5d2-f6d1ae5cc035 |
| name               | f1                                   |
| status             | ACTIVE                               |
| tenant_id          | d9481c57a11c46eea62886938b5378a7     |
+--------------------+--------------------------------------+
root@IGA-OSC:~# neutron router-list

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: fwaas

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1330913

Title:
  fwaas: After deleting all routers or interfaces firewall status should
  not show as active

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  After deleting all routers firewall status should not show as active

  From Admin tenant as well as user tenant, Firewall becomes active as per the below steps
  1. create firewall  (after creating firewall rule and policy)
  2. create router
  3. Add at least one network interface to the router
  4. firewall becomes active

  However from admin tenant, if we create router and then firewall ,
  firewall becomes active without the need of adding any network
  interface to the router . but in this sequence of firewall creation,
  firewall becomes active in user tenant only after adding any interface
  to the router.

  In both the above cases, firewall doesn't become inactive or down when
  deleting all the interfaces in the router or deleting all the router

   
  Steps to Reproduce: 
  1. create firewall rule  and attach it to the newly created  firewall policy 
  2. create firewall with the above policy.
  3. create router and attach any network interface
  4. firewall becomes active
  5. remove the network interface from router or delete the router 
  Actual Results: 
  firewall status shows as active
   Expected results:
  firewall status should show as DOWN

  root@IGA-OSC:~# rid r1 55088e59-ad2b-4691-9a2f-85aa540a5743
  Removed interface from router r1.
  root@IGA-OSC:~# rid r1 fb8b1745-8be8-44a9-bf94-15dad4cd6c1d
  Removed interface from router r1.
  root@IGA-OSC:~# rd r1
  Deleted router: r1
  root@IGA-OSC:~# fws f1
  +--------------------+--------------------------------------+
  | Field              | Value                                |
  +--------------------+--------------------------------------+
  | admin_state_up     | True                                 |
  | description        |                                      |
  | firewall_policy_id | 9db0f412-0e35-4786-bd9e-9f28a6de9b3e |
  | id                 | 6422127f-cc81-4f37-a5d2-f6d1ae5cc035 |
  | name               | f1                                   |
  | status             | ACTIVE                               |
  | tenant_id          | d9481c57a11c46eea62886938b5378a7     |
  +--------------------+--------------------------------------+
  root@IGA-OSC:~# neutron router-list

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1330913/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next