yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1335375] Re: ping still working after security group rule is created, updated, or deleted

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 03 Sep 2015 19:06:00 -0000
Reply-to: Bug 1335375 <1335375@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1335375

Title:
  ping still working after security group rule is created, updated, or
  deleted

Status in neutron:
  Fix Released

Bug description:
  After we create an ICMP rule for a security group, even though we
  delete this rule, the VM in this security group ping still working
  once connected, there is a same problem in floatingIP, bug#1334926

  The bug is relevant for any connections, including ssh, etc.

  The problem is also encountered when adding or updating a rule to
  attempt to block traffic that is already established.

  At the root of this problem is that conntrack marks related and
  established traffic and a rule exists to automatically accept it.
  Modifying SG rules only modifies rules for new traffic.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1335375/+subscriptions

References

[Bug 1335375] [NEW] ping still working once connected even after related security group rule is deleted
From: shihanzhang, 2014-06-28