yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1497066] Re: If IP version is not specified while creating Firewall Rule, then it should populate it based on the Source and Destination IP

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Reedip <reedip.banerjee@xxxxxxxxxxxxxxxxxx>
Date: Mon, 28 Sep 2015 04:53:21 -0000
Reply-to: Bug 1497066 <1497066@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

For the case mentioned in the comment ( IP and IP version are specified
but they do not match) , a bug
(https://bugs.launchpad.net/neutron/+bug/1487599) and its review(
https://review.openstack.org/#/c/215768/3) is already open.


** Changed in: neutron
       Status: New => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1497066

Title:
  If IP version is not specified while creating Firewall Rule, then it
  should populate it based on the Source and Destination IP

Status in neutron:
  Opinion

Bug description:
  Example:
  reedip@reedip-VirtualBox:/opt/stack/python-neutronclient/neutronclient$ neutron firewall-rule-create --protocol tcp --action deny --source-ip-address 1::1
  Created a new firewall_rule:
  +------------------------+--------------------------------------+
  | Field                  | Value                                |
  +------------------------+--------------------------------------+
  | action                 | deny                                 |
  | description            |                                      |
  | destination_ip_address |                                      |
  | destination_port       |                                      |
  | enabled                | True                                 |
  | firewall_policy_id     |                                      |
  | id                     | dca8cb81-f65b-4eef-afbe-60d0abb5eecf |
  | ip_version             | 4                                    |
  | name                   |                                      |
  | position               |                                      |
  | protocol               | tcp                                  |
  | shared                 | False                                |
  | source_ip_address      | 1::1                                 |
  | source_port            |                                      |
  | tenant_id              | 83bb2407a0fb484581bde56dc1fae293     |
  +------------------------+--------------------------------------+
  reedip@reedip-VirtualBox:/opt/stack/python-neutronclient/neutronclient$

  On specifying IPv6 source address, the ip_version is populated as IPv4 which is not right.
  If IP Version is not specified, then in that case IP version should retrieve the data from Source/Destination IP.

  
  Need to confirm additional test case:
  - If IP version is specified and it does not match the IP version of Source/Destination Address then failure should be reported
  ( if --ip-version is given as 6 and source address is given as 192.168.101.1)

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1497066/+subscriptions

References

[Bug 1497066] [NEW] If IP version is not specified while creating Firewall Rule, then it should populate it based on the Source and Destination IP
From: Reedip, 2015-09-18