Public bug reported:

We currently generate single host rules as just the IP address and /0 rules for any address (for source and destination matching criteria). This is compatible with the input of iptables but it's not the way the rules are represented by iptables when they come back.

Iptables eliminates the /0 rules completely because they aren't a filtering criterion and it converts single IPs into /32 or /128 depending on IP version. We need to generate the rules in the same fashion so the counter matching code can find them and not destroy the counters on every update.

** Affects: neutron
   Importance: Undecided
   Assignee: Kevin Benton (kevinbenton)
   Status: New

** Changed in: neutron
   Assignee: (unassigned) => Kevin Benton (kevinbenton)

https://bugs.launchpad.net/bugs/1502917

Title:
  iptables rule generation doesn't match prefixes of /0, /32 and /128 correctly

Status in neutron:
  New
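Added example, not neutron's code and not part of the original report: a sketch of generating source/destination criteria in the form the report says iptables hands back, and of what exact-text counter matching does with each form. The helper names, the `sg-chain` chain and the counter-annotated lines are constructed for illustration; masking host bits with `strict=False` is an assumption that goes beyond what the report states.

```python
import ipaddress

def canonical_match(flag, cidr):
    """Return the '-s'/'-d' fragment the way iptables reports it back."""
    # A bare IP parses as a /32 (IPv4) or /128 (IPv6) network.
    # strict=False also masks host bits (assumption beyond the report).
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return ""  # /0 matches everything, so iptables drops the criterion
    return f"{flag} {net}"

def build_rule(chain, src=None, dst=None, target="RETURN", canonical=True):
    """Build one rule line, either canonical or as described in the bug."""
    parts = [f"-A {chain}"]
    for flag, cidr in (("-s", src), ("-d", dst)):
        if cidr is None:
            continue
        frag = canonical_match(flag, cidr) if canonical else f"{flag} {cidr}"
        if frag:
            parts.append(frag)
    parts.append(f"-j {target}")
    return " ".join(parts)

def carry_counters(saved_lines, new_rules):
    """Reuse [packets:bytes] from saved rules whose text matches exactly."""
    saved = {}
    for line in saved_lines:
        counters, _, rule = line.partition(" ")
        saved[rule] = counters
    # A rule with no exact match starts again from zero.
    return [(saved.get(rule, "[0:0]"), rule) for rule in new_rules]

# Constructed counter-annotated rules (not taken from the bug report).
SAVED = [
    "[120:9600] -A sg-chain -s 10.0.0.5/32 -j RETURN",
    "[7:560] -A sg-chain -s 2001:db8::1/128 -j RETURN",
    "[300:24000] -A sg-chain -j RETURN",
]
INPUTS = ["10.0.0.5", "2001:db8::1", "0.0.0.0/0"]  # constructed sources

def demo(canonical):
    rules = [build_rule("sg-chain", src=s, canonical=canonical) for s in INPUTS]
    return carry_counters(SAVED, rules)

if __name__ == "__main__":
    for mode in (False, True):
        print("canonical" if mode else "non-canonical", demo(mode))
```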