yahoo-eng-team team mailing list archive

[Lajos Katona <1973487@xxxxxxxxxxxxxxxxxx>]

We discussed the proposal today on the drivers meeting, see the logs:
https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-05-27-14.00.log.html#l-14

The decisions was to keep this functionality in client side as there can
be complications in case it is implemented in Neutron, i.e.: iptables
can add such rule one-by-one anyway.

** Changed in: neutron
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1973487

Title:
  [RFE] Allow setting --dst-port for all port based protocols at once

Status in neutron:
  Won't Fix

Bug description:
  Currently creating a security rule[0] with with an --dst-port argument
  requires specifying a protocol which support ports [1]. If a user
  wants to set a security rule for another protocol in this group the
  same command will have to be issued again. This RFE, is a simple "ask"
  if it would be worth adding a new --protocol argument which would
  apply for all L4 protocols at once. For example, a CLI command can
  look something like this

  openstack security group rule create --ingress --dst-port 53:53
  --protocol all_L4_protocols <security group name>

  Side info, specifying "--protocol any" does not work, but that is
  expected.

  The only benefit of this RFE would be to reduce number of commands
  needed to open up ports across different L4 protocols.

  
  [0] https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/security-group-rule.html#security-group-rule-create
  [1] https://github.com/openstack/neutron/blob/master/neutron/common/_constants.py#L23-L29

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1973487/+subscriptions