yahoo-eng-team team mailing list archive

[Rodolfo Alonso <1922127@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Linux Bridge iptables firewall does not work without "ipset". When
"enable_ipset" config parameter is set to False, the LB iptables
firewall raises the following exception:
http://paste.openstack.org/show/804095/

Testing patch: https://review.opendev.org/c/openstack/neutron/+/783103

NOTE: this bug was found when testing the migration to "nft" from
"iptables". "ipset" is not compatible with "nft" and the alternative to
"ipset" implemented in native "nft" is not compatible with "iptables-
nft" ("nft" using the "iptables" API, to make the transition easier).
More info in: https://review.opendev.org/c/openstack/neutron/+/775413

** Affects: neutron
     Importance: Undecided
     Assignee: Rodolfo Alonso (rodolfo-alonso-hernandez)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => Rodolfo Alonso (rodolfo-alonso-hernandez)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1922127

Title:
  [LB] Linux Bridge iptables firewall does not work without "ipset"

Status in neutron:
  New

Bug description:
  Linux Bridge iptables firewall does not work without "ipset". When
  "enable_ipset" config parameter is set to False, the LB iptables
  firewall raises the following exception:
  http://paste.openstack.org/show/804095/

  Testing patch: https://review.opendev.org/c/openstack/neutron/+/783103

  NOTE: this bug was found when testing the migration to "nft" from
  "iptables". "ipset" is not compatible with "nft" and the alternative
  to "ipset" implemented in native "nft" is not compatible with
  "iptables-nft" ("nft" using the "iptables" API, to make the transition
  easier). More info in:
  https://review.opendev.org/c/openstack/neutron/+/775413

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1922127/+subscriptions