yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1922127] Re: [LB] Linux Bridge iptables firewall does not work without "ipset"

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Rodolfo Alonso <1922127@xxxxxxxxxxxxxxxxxx>
Date: Fri, 27 Aug 2021 09:02:02 -0000
Reply-to: Bug 1922127 <1922127@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

** Changed in: neutron
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1922127

Title:
  [LB] Linux Bridge iptables firewall does not work without "ipset"

Status in neutron:
  Fix Released

Bug description:
  Linux Bridge iptables firewall does not work without "ipset". When
  "enable_ipset" config parameter is set to False, the LB iptables
  firewall raises the following exception:
  http://paste.openstack.org/show/804095/

  Testing patch: https://review.opendev.org/c/openstack/neutron/+/783103

  NOTE: this bug was found when testing the migration to "nft" from
  "iptables". "ipset" is not compatible with "nft" and the alternative
  to "ipset" implemented in native "nft" is not compatible with
  "iptables-nft" ("nft" using the "iptables" API, to make the transition
  easier). More info in:
  https://review.opendev.org/c/openstack/neutron/+/775413

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1922127/+subscriptions

References

[Bug 1922127] [NEW] [LB] Linux Bridge iptables firewall does not work without "ipset"
From: Rodolfo Alonso, 2021-03-31