yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #79858
[Bug 1843025] [NEW] FWaaS v2 fails to add ICMPv6 rules via horizon
Public bug reported:
In rocky, FWaaS v2 fails to add the correct ip6tables rules for ICMPv6.
Steps to reproduce:
* Create rule with Protocol ICMP, IP version 6 in horizon
* Add the rule to a policy, and make sure the firewall group with that policy is attached to a port
* Login to the neutron network node that has the netns for your router and run ip6tables-save
Observe that your rule is added like:
-A neutron-l3-agent-iv63872a6fc -s 2001:db8:1d00:13::/64 -p icmp -j neutron-l3-agent-accepted
It should've added:
-A neutron-l3-agent-iv63872a6fc -s 2001:db8:1d00:13::/64 -p ipv6-icmp -j neutron-l3-agent-accepted
Ubuntu 18.04
neutron-l3-agent 2:13.0.4-0ubuntu1~cloud0
python-neutron-fwaas 1:13.0.2-0ubuntu1~cloud0
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1843025
Title:
FWaaS v2 fails to add ICMPv6 rules via horizon
Status in neutron:
New
Bug description:
In rocky, FWaaS v2 fails to add the correct ip6tables rules for
ICMPv6.
Steps to reproduce:
* Create rule with Protocol ICMP, IP version 6 in horizon
* Add the rule to a policy, and make sure the firewall group with that policy is attached to a port
* Login to the neutron network node that has the netns for your router and run ip6tables-save
Observe that your rule is added like:
-A neutron-l3-agent-iv63872a6fc -s 2001:db8:1d00:13::/64 -p icmp -j neutron-l3-agent-accepted
It should've added:
-A neutron-l3-agent-iv63872a6fc -s 2001:db8:1d00:13::/64 -p ipv6-icmp -j neutron-l3-agent-accepted
Ubuntu 18.04
neutron-l3-agent 2:13.0.4-0ubuntu1~cloud0
python-neutron-fwaas 1:13.0.2-0ubuntu1~cloud0
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1843025/+subscriptions
Follow ups
