yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #62128
[Bug 1671338] [NEW] Wrong ordered fw_rules when set them into fw_policy
Public bug reported:
There are 3 sample fw_rules in server. And I expect the order is tcp - ping - denyany
openstack firewall group rule list
+--------------------------------------+---------+---------+------------------------------------------------+
| ID | Name | Enabled | Summary |
+--------------------------------------+---------+---------+------------------------------------------------+
| 563841d1-1ae7-4c74-9231-fab88d44a76c | denyany | True | ANY, |
| | | | source(port): none specified(none specified), |
| | | | dest(port): none specified(none specified), |
| | | | deny |
| ab93b257-9449-4545-b46b-8ec011df14e7 | ping | True | ICMP, |
| | | | source(port): 1.1.1.1(none specified), |
| | | | dest(port): none specified(none specified), |
| | | | reject |
| d53d4015-50e4-4fb2-ab0d-1f7231065012 | tcp | True | TCP, |
| | | | source(port): 2.2.2.2(2222), |
| | | | dest(port): none specified(none specified), |
| | | | deny |
+--------------------------------------+---------+---------+------------------------------------------------+
Then I set them into fw_policy as my expect order.
openstack firewall group policy set test --firewall-rule tcp
openstack firewall group policy set test --firewall-rule ping
openstack firewall group policy set test --firewall-rule denyany
But I saw the order had changed and the backend driver will apply the rules in the wrong order.
openstack firewall group policy list
+--------------------------------------+------+-----------------------------------------------------------------------------------------------------------------------------+
| ID | Name | Firewall Rules |
+--------------------------------------+------+-----------------------------------------------------------------------------------------------------------------------------+
| 1b93f923-daff-40cc-8145-a3267769f26d | test | [u'563841d1-1ae7-4c74-9231-fab88d44a76c', u'ab93b257-9449-4545-b46b-8ec011df14e7', u'd53d4015-50e4-4fb2-ab0d-1f7231065012'] |
+--------------------------------------+------+-----------------------------------------------------------------------------------------------------------------------------+
Currently, neutron-fwaas accept the arguments with full list of fw_rules on fw_policy create/update. So this must be a OSC bug.
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1671338
Title:
Wrong ordered fw_rules when set them into fw_policy
Status in neutron:
New
Bug description:
There are 3 sample fw_rules in server. And I expect the order is tcp - ping - denyany
openstack firewall group rule list
+--------------------------------------+---------+---------+------------------------------------------------+
| ID | Name | Enabled | Summary |
+--------------------------------------+---------+---------+------------------------------------------------+
| 563841d1-1ae7-4c74-9231-fab88d44a76c | denyany | True | ANY, |
| | | | source(port): none specified(none specified), |
| | | | dest(port): none specified(none specified), |
| | | | deny |
| ab93b257-9449-4545-b46b-8ec011df14e7 | ping | True | ICMP, |
| | | | source(port): 1.1.1.1(none specified), |
| | | | dest(port): none specified(none specified), |
| | | | reject |
| d53d4015-50e4-4fb2-ab0d-1f7231065012 | tcp | True | TCP, |
| | | | source(port): 2.2.2.2(2222), |
| | | | dest(port): none specified(none specified), |
| | | | deny |
+--------------------------------------+---------+---------+------------------------------------------------+
Then I set them into fw_policy as my expect order.
openstack firewall group policy set test --firewall-rule tcp
openstack firewall group policy set test --firewall-rule ping
openstack firewall group policy set test --firewall-rule denyany
But I saw the order had changed and the backend driver will apply the rules in the wrong order.
openstack firewall group policy list
+--------------------------------------+------+-----------------------------------------------------------------------------------------------------------------------------+
| ID | Name | Firewall Rules |
+--------------------------------------+------+-----------------------------------------------------------------------------------------------------------------------------+
| 1b93f923-daff-40cc-8145-a3267769f26d | test | [u'563841d1-1ae7-4c74-9231-fab88d44a76c', u'ab93b257-9449-4545-b46b-8ec011df14e7', u'd53d4015-50e4-4fb2-ab0d-1f7231065012'] |
+--------------------------------------+------+-----------------------------------------------------------------------------------------------------------------------------+
Currently, neutron-fwaas accept the arguments with full list of fw_rules on fw_policy create/update. So this must be a OSC bug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1671338/+subscriptions
Follow ups