yahoo-eng-team team mailing list archive

[Bug 1672922] [NEW] iptables: stop 'fixing' kernel sysctl bridge firewalling knobs

 

Public bug reported:

https://review.openstack.org/436315
Dear bug triager. This bug was created since a commit was marked with DOCIMPACT.
Your project "openstack/neutron" is set up so that we directly report the documentation bugs against it. If this needs changing, the docimpact-group option needs to be added for the project. You can ask the OpenStack infra team (#openstack-infra on freenode) for help if you need to.

commit c1dfb53bf1db1fe65ba6a8ef64a0b30151ee5c03
Author: Ihar Hrachyshka <ihrachys@xxxxxxxxxx>
Date:   Sat Feb 11 12:50:04 2017 +0000

    iptables: stop 'fixing' kernel sysctl bridge firewalling knobs
    
    Those are different on different kernel versions, and have reasonable
    default values on all newer kernel versions, including RHEL. We
    nevertheless made devstack to set those in the past; now I propose to
    clean the code from neutron tree and leave it up to deployment tools to
    fix in an unlikely case the system has broken default values.
    
    Now that iptables firewall code does not trigger sysctl, we can also
    remove this filter from the corresponding rootwrap .filters file.
    
    DocImpact make sure deployment docs mention the expected sysctl knob
              values.
    
    Change-Id: Iabf61021c90b0536be274463d48fb5a572ecc023
    Related-Bug: #1622914

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: doc neutron

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1672922

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1672922/+subscriptions
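
A deployment-side check for the sysctl knobs that the commit message above leaves to deployment tools, as an added example that is not part of the original bug report or the neutron tree. The knob names are the kernel's bridge netfilter sysctls under net.bridge, the expected value of 1 is an assumption for hosts that rely on iptables-based security groups, and the function name and return codes are hypothetical.

```shell
#!/bin/sh
# Added example: audit the bridge netfilter sysctl knobs on a host.
# Knob names are the kernel's bridge netfilter sysctls; the expected value 1
# is an assumption for hosts using iptables-based security groups.

KNOBS="bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-call-arptables"

# check_bridge_knobs [DIR]
# Prints one line per knob and returns:
#   0  every knob is present and set to 1
#   1  a knob is present but not 1 (bridged traffic skips that table)
#   2  a knob file is missing (on newer kernels the entries only exist
#      once the br_netfilter module is loaded)
# Usage on a live host: check_bridge_knobs || echo "fix before enabling the agent"
check_bridge_knobs() {
    dir="${1:-/proc/sys/net/bridge}"
    rc=0
    for knob in $KNOBS; do
        file="$dir/$knob"
        if [ ! -r "$file" ]; then
            echo "MISSING net.bridge.$knob (is br_netfilter loaded?)"
            rc=2
            continue
        fi
        value=$(tr -d '[:space:]' < "$file")
        if [ "$value" = "1" ]; then
            echo "OK      net.bridge.$knob = 1"
        else
            echo "BAD     net.bridge.$knob = $value (expected 1)"
            # A missing knob is the more severe finding; do not downgrade it.
            [ "$rc" -eq 2 ] || rc=1
        fi
    done
    return "$rc"
}
```

A missing knob is reported separately from a wrong value because writing the sysctl fails until the module providing it is loaded.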

