yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1386543] Re: FWaaS - New blocking rules has no affect for existing traffic

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Ha Van Tu <tuhv@xxxxxxxxxxxxxx>
Date: Thu, 21 Apr 2016 08:52:13 -0000
Reply-to: Bug 1386543 <1386543@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a duplicate of bug 1474279 ***
    https://bugs.launchpad.net/bugs/1474279

** This bug has been marked a duplicate of bug 1474279
   FWaaS let connection opened if delete allow rule, beacuse of conntrack

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1386543

Title:
  FWaaS - New blocking rules has no affect for existing traffic

Status in neutron:
  New

Bug description:
  When building a firewall with a rule to block a specific Traffic - the
  current traffic is not blocked.

  For example:

  Running a Ping to an instance and then building a firewall with a rule to block ICMP to this instance doesn't have affect while the ping command is still running.
  Exiting the command and then trying pinging the Instance again shows the desired result - i.e. the traffic is blocked.

  This is also the case for SSH.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1386543/+subscriptions

References

[Bug 1386543] [NEW] FWaaS - New blocking rules has no affect for existing traffic
From: Itzik Brown, 2014-10-28