yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1487599] [NEW] fwaas - ip_version and IP address conflicts are not raised

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: "Sean M. Collins" <sean@xxxxxxxxxxxxx>
Date: Fri, 21 Aug 2015 20:17:23 -0000
Reply-to: Bug 1487599 <1487599@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

The FwaaS API currently allows the creation of firewall rules where the
IP version is 4 but the source and destination IPs are IPv6 addresses.

http://paste.openstack.org/show/412434/

This causes failures when a firewall is created, because iptables is
being invoked with IPv6 addresses, which causes an exception in the
iptables driver.

** Affects: neutron
     Importance: Undecided
     Assignee: Sean M. Collins (scollins)
         Status: In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1487599

Title:
  fwaas - ip_version and IP address conflicts are not raised

Status in neutron:
  In Progress

Bug description:
  The FwaaS API currently allows the creation of firewall rules where
  the IP version is 4 but the source and destination IPs are IPv6
  addresses.

  http://paste.openstack.org/show/412434/

  This causes failures when a firewall is created, because iptables is
  being invoked with IPv6 addresses, which causes an exception in the
  iptables driver.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1487599/+subscriptions

Follow ups

[Bug 1487599] Re: fwaas - ip_version and IP address conflicts are not raised
From: Doug Hellmann, 2015-12-03