yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #18893
[Bug 1191871] Re: security group rule in some cases ignores protocol to distinguish rules
This bug does not reproduce on master now, so marking it as Invalid.
** Changed in: neutron
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1191871
Title:
security group rule in some cases ignores protocol to distinguish
rules
Status in OpenStack Neutron (virtual network service):
Invalid
Bug description:
When creating security group rules, in same cases creating a rules
prevents creating a more general one, e.g.:
+----------------+-----------+----------+------------------+--------------+----------------+----------------+-----------+
| security_group | direction | protocol | remote_ip_prefix | remote_group | port_range_min | port_range_max | ethertype |
+----------------+-----------+----------+------------------+--------------+----------------+----------------+-----------+
| sg1 | ingress | tcp | | sg1 | 1 | 65535 | IPv4 |
| sg1 | ingress | tcp | | sg1 | 22 | 22 | IPv4 |
| sg1 | ingress | tcp | | sg1 | 23 | 23 | IPv4 |
| sg1 | ingress | icmp | | sg1 | | | IPv4 |
+----------------+-----------+----------+------------------+--------------+----------------+----------------+-----------+
$ quantum security-group-rule-create sg1 --direction ingress --remote-group-id sg1
Security group rule already exists. Group id is 0571b3cb-b21a-4b52-a6a1-0779a0feaa94.
If the rule without the protocol specification is created first, then
the other rules can be created successfully.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1191871/+subscriptions
