Reviewed: https://review.openstack.org/284259
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=4f6aa3ffde2fd68b85bc5dfdaf6c2684931f3f61
Submitter: Jenkins
Branch: master

commit 4f6aa3ffde2fd68b85bc5dfdaf6c2684931f3f61
Author: Jakub Libosvar <libos...@redhat.com>
Date:   Wed Feb 24 16:34:07 2016 +0000

    ovs-fw: Mark conntrack entries invalid if no rule is matched

    This patch makes sure that an existing connection breaks once the
    security group rule that allowed such a connection is removed. To
    correctly track connections on the same hypervisor, zones were
    changed from per-port to per-network (based on the port's vlan tag).
    This information is now stored in register 6.

    Also, a test was added for RELATED connections to avoid marking
    such connections as invalid by REPLY rules.

    Closes-Bug: 1549370
    Change-Id: Ibb5942a980ddd8f2dd7ac328e9559a80c05789bb

** Changed in: neutron
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1549370

Title:
  Existing connections are not dropped with ovs-firewall when rule is removed

Status in neutron:
  Fix Released

Bug description:
  When a rule that allows some traffic is removed from a security group,
  all existing connections going to a port using this rule should be cut.