yahoo-eng-team team mailing list archive

[OpenStack Infra <1803499@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/618485
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=22aace21eb0669ba62b337688b7d3bc47577a2b1
Submitter: Zuul
Branch:    master

commit 22aace21eb0669ba62b337688b7d3bc47577a2b1
Author: 25643 <xieling1990.happy@xxxxxxx>
Date:   Thu Feb 7 21:55:16 2019 +0800

    Fix the verification method before creating and updating the firewall rule
    
    1.Verify the validity of the icmp port when the protocol is configured.
    2.When updating the rule, the modified data should be verified.
    
    Change-Id: I4c4b1cc5ff25b67e77669b721df4fdbb7d47515f
    Closes-Bug: #1803499


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1803499

Title:
  FWaaS-When setting the protocol to any firewall rule, the error is not
  in line with expectations.

Status in neutron:
  Fix Released

Bug description:
  version : pike

  question one

  create a firewall rule with neutron-CLI:
      neutron firewall-rule-create --protocol any --source-port 1234 --action deny

  Expectation error:
  Source/destination port requires a protocol.

  Actual error:
  Source, destination port are not allowed when protocol is set to ICMP.

  
  question two:

  we can not craete a firewall rule like this:
      neutron firewall-rule-create --protocol icmp --source-port 1234 --action deny

  but, we can do this in another way:
      neutron firewall-rule-create --protocol tcp --source-port 1234 --action deny
      neutron firewall-rule-update --protocol icmp firewall_rule_id
      neutron firewall-rule-show firewall_rule_id

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1803499/+subscriptions