Reviewed: https://review.openstack.org/301029 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=142b68f0757ab036d56bc9b4563b7a4481527deb Submitter: Jenkins Branch: master
commit 142b68f0757ab036d56bc9b4563b7a4481527deb Author: Kevin Benton <ke...@benton.pub> Date: Fri Apr 1 01:53:10 2016 -0700 De-dup user-defined SG rules before iptables call A port may be a member of multiple security groups. These security groups may have dupilcate rules between them (e.g. they both allow all EGRESS traffic). If the iptables manager is called with duplicated rules, it emits a warning of a possible bug in the rule generation code because it doesn't expect there to be duplicated rules. This patch fixes this by de-duplicating user-defined security group rules before dispatching the calls to the iptables_manager. Change-Id: I98dbe60df1bcf68b9922deee63dd0328c4c10dd0 Closes-Bug: #1565705 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1565705 Title: iptables duplicate rule warning on ports with multiple security groups Status in neutron: Fix Released Bug description: If ports are members of multiple security groups, there may be duplicate rules when it comes time to convert them to iptables rules (e.g. both groups have a rule to allow TCP port 80). This results in warnings from the iptables manager detecting duplicate rules that hint that there may be a bug. For example: WARNING neutron.agent.linux.iptables_manager [req- 944a9996-062b-4588-9536-d5df779da344 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-openvswi-oe4186b39-0 -j RETURN This warning resulted from a port that was a member of two security groups that both allowed all EGRESS traffic. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1565705/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp