yahoo-eng-team team mailing list archive
Message #95829
[Bug 2110020] [NEW] FWaaS v2 rules not enforced between subnets when DVR is enabled (OpenStack 2024.1)
Public bug reported:

I'm using OpenStack version 2024.1 deployed with kolla-ansible. In an
environment where DVR (Distributed Virtual Routing) is enabled, FWaaS v2
firewall rules are not enforced properly between internal subnets.
Instances from separate subnets are still able to communicate (e.g., via
ICMP), despite explicit deny rules being configured in the firewall
group policy.

The same FWaaS v2 configuration works correctly in a separate
environment where DVR is disabled. This suggests that the issue may be
related to the way FWaaS v2 integrates with DVR routing behavior.

Steps to reproduce and the exact configuration can be provided upon
request.

** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2110020
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2110020/+subscriptions