Bug closed due to lack of activity, please feel free to reopen if
needed.
** Changed in: neutron
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1671338
Title:
Wrong ordered fw_rules when set them into fw_policy
Status in neutron:
Won't Fix
Bug description:
There are 3 sample fw_rules in server. And I expect the order is tcp - ping -
denyany
openstack firewall group rule list
+--------------------------------------+---------+---------+------------------------------------------------+
| ID | Name | Enabled | Summary
|
+--------------------------------------+---------+---------+------------------------------------------------+
| 563841d1-1ae7-4c74-9231-fab88d44a76c | denyany | True | ANY,
|
| | | | source(port):
none specified(none specified), |
| | | | dest(port):
none specified(none specified), |
| | | | deny
|
| ab93b257-9449-4545-b46b-8ec011df14e7 | ping | True | ICMP,
|
| | | | source(port):
1.1.1.1(none specified), |
| | | | dest(port):
none specified(none specified), |
| | | | reject
|
| d53d4015-50e4-4fb2-ab0d-1f7231065012 | tcp | True | TCP,
|
| | | | source(port):
2.2.2.2(2222), |
| | | | dest(port):
none specified(none specified), |
| | | | deny
|
+--------------------------------------+---------+---------+------------------------------------------------+
Then I set them into fw_policy as my expect order.
openstack firewall group policy set test --firewall-rule tcp
openstack firewall group policy set test --firewall-rule ping
openstack firewall group policy set test --firewall-rule denyany
But I saw the order had changed and the backend driver will apply the rules
in the wrong order.
openstack firewall group policy list
+--------------------------------------+------+-----------------------------------------------------------------------------------------------------------------------------+
| ID | Name | Firewall Rules
|
+--------------------------------------+------+-----------------------------------------------------------------------------------------------------------------------------+
| 1b93f923-daff-40cc-8145-a3267769f26d | test |
[u'563841d1-1ae7-4c74-9231-fab88d44a76c',
u'ab93b257-9449-4545-b46b-8ec011df14e7',
u'd53d4015-50e4-4fb2-ab0d-1f7231065012'] |
+--------------------------------------+------+-----------------------------------------------------------------------------------------------------------------------------+
Currently, neutron-fwaas accept the arguments with full list of fw_rules on
fw_policy create/update. So this must be a OSC bug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1671338/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
