yahoo-eng-team team mailing list archive

[Bug 2073509] [NEW] east and west traffic is not allowed/blocked with neutron fwaas v2

 

Public bug reported:

When trying to block network traffic in the same subnet, it didn't work.

I will explain the details below:
1. First, create 2 networks, subnets.
   You can see the network details here: https://paste.openstack.org/show/bHMEmhQvqQQycaxuaHnW/

2. Create a router and connect the subnets to this router.
   You can see the router details here: https://paste.openstack.org/show/bEOg6PB17JAYY3U60kiU/

3. Create 3 VMs; 2 of them are in the same subnet.
   You can see the VM details here: https://paste.openstack.org/show/bXYQjlZ0mJwX6vYlVzgi/

4. Create firewall rules for blocking network traffic from the same subnets and different subnets.
   You can see the firewall rule details here: https://paste.openstack.org/show/bgvvMLzNkteCbfTdvCqw/

5. Create ingress and egress firewall policies and add rules.
   You can see the firewall policy details here: https://paste.openstack.org/show/bw69J4La6LctGRfULBnM/

6. Create a firewall group.
   You can see the firewall group details here: https://paste.openstack.org/show/bR3ZGqkmqz5QDo6L8NPa/

Result:
1. Firewall rules worked between different subnets. For example, in the rules, ICMP traffic is blocked from 192.168.30.83 to 172.16.30.20. It worked as expected.
2. Firewall rules didn't work between the same subnets. For example, in the rules, ICMP traffic is blocked from 192.168.30.83 to 92.168.30.175. It didn't work; we can ping.

OpenStack Version: 2023.1
Linux Distro: Ubuntu 22.04
Neutron Plugin: ML2+OVS

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: neutron-fwaas

** Tags added: neutron-fwaas

** Summary changed:

- east and west traffic is not allowed/blocked with neutron fwaa v2 
+ east and west traffic is not allowed/blocked with neutron fwaas v2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2073509
