
yahoo-eng-team team mailing list archive

[Bug 1618117] Re: fwaas: icmp traffic blocked on adding tcp deny (ssh) rule

 

Will close as it's quite old. If this is still an issue with the latest
code, please re-open and provide more information.

** Changed in: neutron
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1618117

Title:
  fwaas: icmp traffic blocked on adding tcp deny (ssh) rule

Status in neutron:
  Invalid

Bug description:
  When tcp deny rules are added to a firewall or no rules are there in
  the firewall policy, icmp traffic is blocked until an icmp allow rule
  is added to the firewall.

  Steps:
  1. Boot two VMs in different networks, with a router associated to both the VMs' subnets.
  2. Add security group rule for ssh and ping.
  3. Make sure SSH and ping works from one VM to another.
  4. Add tcp deny (ssh) or tcp deny (http) or no firewall rule.
  5. Try to ssh; it fails, which is as expected since a firewall rule for deny tcp is added.
  6. Try to ping the VMs; it also fails.
  Actual: Ping (icmp) traffic gets denied by adding a tcp deny rule.
  Expected: Only ssh should be blocked, not icmp.

  ICMP traffic is allowed only when an ICMP allow rule is added to the
  firewall. Is this expected behaviour?

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1618117/+subscriptions


