yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #88987
[Bug 1973487] Re: [RFE] Allow setting --dst-port for all port based protocols at once
We discussed the proposal today on the drivers meeting, see the logs:
https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-05-27-14.00.log.html#l-14
The decisions was to keep this functionality in client side as there can
be complications in case it is implemented in Neutron, i.e.: iptables
can add such rule one-by-one anyway.
** Changed in: neutron
Status: New => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1973487
Title:
[RFE] Allow setting --dst-port for all port based protocols at once
Status in neutron:
Won't Fix
Bug description:
Currently creating a security rule[0] with with an --dst-port argument
requires specifying a protocol which support ports [1]. If a user
wants to set a security rule for another protocol in this group the
same command will have to be issued again. This RFE, is a simple "ask"
if it would be worth adding a new --protocol argument which would
apply for all L4 protocols at once. For example, a CLI command can
look something like this
openstack security group rule create --ingress --dst-port 53:53
--protocol all_L4_protocols <security group name>
Side info, specifying "--protocol any" does not work, but that is
expected.
The only benefit of this RFE would be to reduce number of commands
needed to open up ports across different L4 protocols.
[0] https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/security-group-rule.html#security-group-rule-create
[1] https://github.com/openstack/neutron/blob/master/neutron/common/_constants.py#L23-L29
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1973487/+subscriptions
References