yahoo-eng-team team mailing list archive

[Bug 1696093] [NEW] When updating a firewall, we should update the iptables first, and then clear the conntrack record, just like the function create_firewall(). Otherwise, the conntrack record could be reproduced.

 

Public bug reported:

environment: devstack master

When updating a firewall, we should update the iptables first, and then
clear the conntrack record, just like the function create_firewall().
Otherwise, the conntrack record could be reproduced.

We can trigger the firewall_update action by:
1. # neutron firewall-update f1 --no-routers
2. The VM pings an external IP address all the time
3. # neutron firewall-update f1 --router demo-router

We can find that the VM can still ping the external IP address successfully.

** Affects: neutron
     Importance: Undecided
     Assignee: wujun (wujun)
         Status: New


** Tags: fwaas

** Changed in: neutron
     Assignee: (unassigned) => wujun (wujun)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1696093

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1696093/+subscriptions
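
The ordering problem described in this report, as an added toy model (not neutron-fwaas code and not part of the original message). The class, function names and the sample flow are hypothetical; the model assumes a stateful ruleset that accepts packets of already tracked flows before evaluating the rules.

```python
# Toy model of a stateful firewall. NOT neutron-fwaas code; all names are hypothetical.

class ToyFirewall:
    def __init__(self, allow_new):
        self.allow_new = allow_new   # policy applied to packets with no conntrack entry
        self.conntrack = set()       # flows currently tracked as ESTABLISHED

    def packet(self, flow):
        """Return True if the packet is forwarded."""
        if flow in self.conntrack:   # tracked flow: accepted without re-checking rules
            return True
        if self.allow_new(flow):     # new flow: evaluate rules, then start tracking it
            self.conntrack.add(flow)
            return True
        return False

    def set_rules(self, allow_new):
        self.allow_new = allow_new

    def flush_conntrack(self):
        self.conntrack.clear()


def allow_all(flow):
    return True

def deny_icmp(flow):
    return flow[0] != "icmp"

PING = ("icmp", "10.0.0.5", "203.0.113.10")  # constructed sample flow


def update(order):
    """Run the two update steps in `order` while PING keeps flowing.

    Returns True if the ping is still forwarded after the update finishes.
    """
    fw = ToyFirewall(allow_all)
    fw.packet(PING)                  # the ping is already running before the update
    steps = {"rules": lambda: fw.set_rules(deny_icmp), "flush": fw.flush_conntrack}
    for step in order:
        steps[step]()
        fw.packet(PING)              # a ping packet arrives between the two steps
    return fw.packet(PING)


if __name__ == "__main__":
    print("flush then rules, ping still passes:", update(("flush", "rules")))
    print("rules then flush, ping still passes:", update(("rules", "flush")))
```

With the flush first, the packet that arrives before the new rules are installed re-creates the conntrack entry under the old policy, so the flow outlives the update.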

