Public bug reported: FWaaS doesn't seem to be fully compatible with Neutron DVR at the moment.
With firewall created I'm observing firewall rules in SNAT namespace on the network node. It's OK if instances don't have floating IPs assigned. But when I assign a floating IP to an instance, firewall rules are still only in SNAT-namespaces, however, they should also exist on a compute node. So traffic just bypasses firewall rules in that case. ** Affects: neutron Importance: Undecided Status: New ** Tags: fwaas l3-dvr-backlog -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1485509 Title: Firewall doesn't work for instances with floating IPs in DVR mode Status in neutron: New Bug description: FWaaS doesn't seem to be fully compatible with Neutron DVR at the moment. With firewall created I'm observing firewall rules in SNAT namespace on the network node. It's OK if instances don't have floating IPs assigned. But when I assign a floating IP to an instance, firewall rules are still only in SNAT-namespaces, however, they should also exist on a compute node. So traffic just bypasses firewall rules in that case. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1485509/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp