yahoo-eng-team team mailing list archive

[Bug 2110020] [NEW] FWaaS v2 rules not enforced between subnets when DVR is enabled (OpenStack 2024.1)

 

Public bug reported:

I'm using OpenStack version 2024.1 deployed with kolla-ansible. In an
environment where DVR (Distributed Virtual Routing) is enabled, FWaaS v2
firewall rules are not enforced properly between internal subnets.
Instances from separate subnets are still able to communicate (e.g., via
ICMP), despite explicit deny rules being configured in the firewall
group policy.

The same FWaaS v2 configuration works correctly in a separate
environment where DVR is disabled. This suggests that the issue may be
related to the way FWaaS v2 integrates with DVR routing behavior.

Steps to reproduce and the exact configuration can be provided upon
request.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2110020
