Bug closed due to lack of activity, please feel free to reopen if needed.

** Changed in: neutron
       Status: New => Won't Fix

https://bugs.launchpad.net/bugs/1715789

Title:
  ovsfw rejects old connections after re-add former rules

Status in neutron:
  Won't Fix

Bug description:
  Reproduction procedure:

  1. An all-in-one devstack environment, use latest master branch and
     openvswitch driver:

       [securitygroup]
       firewall_driver = openvswitch

  2. Launch two VMs with security_group SG1, which have two rules:

       rule1: egress, IPv4
       rule2: ingress, IPv4, 22/tcp, remote_ip_prefix: 0.0.0.0/0

  3. SSH to VM2 from VM1.
  4. Delete rule2, check that SSH connection is blocked.
  5. Re-add rule1 to SG1, check that SSH connection is still blocked.

  The reason is that the conntrack entry is not aged and marked to 1:

    root@devstack:~# conntrack -L --zone=1
    tcp 6 298 ESTABLISHED src=10.0.0.3 dst=10.0.0.8 sport=38844 dport=22 src=10.0.0.8 dst=10.0.0.3 sport=22 dport=38844 [ASSURED] mark=1 zone=1 use=1
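
An added example, not part of the bug report or of neutron's code: a small parser for `conntrack -L` output that lists the entries in a given zone still carrying mark=1, which is the condition the report identifies. The function names and the second sample line are constructed for illustration; the first sample line is the entry quoted in the report.

```python
import re
from typing import Dict, List

# Constructed sample: the first line is the entry quoted in the bug report,
# the second is a made-up unmarked entry for contrast.
SAMPLE = """\
tcp 6 298 ESTABLISHED src=10.0.0.3 dst=10.0.0.8 sport=38844 dport=22 src=10.0.0.8 dst=10.0.0.3 sport=22 dport=38844 [ASSURED] mark=1 zone=1 use=1
tcp 6 431999 ESTABLISHED src=10.0.0.3 dst=10.0.0.9 sport=50122 dport=443 src=10.0.0.9 dst=10.0.0.3 sport=443 dport=50122 [ASSURED] mark=0 zone=1 use=1
"""

KV = re.compile(r"(\w+)=(\S+)")
FLAG = re.compile(r"\[(\w+)\]")


def parse_entry(line: str) -> Dict:
    """Parse one `conntrack -L` line into proto, state, both tuples and metadata."""
    fields = line.split()
    entry = {"proto": fields[0], "timeout": int(fields[2]), "state": None,
             "orig": {}, "reply": {}, "flags": FLAG.findall(line)}
    # TCP entries carry a state token before the first key=value pair.
    if len(fields) > 3 and "=" not in fields[3] and not fields[3].startswith("["):
        entry["state"] = fields[3]
    for key, value in KV.findall(line):
        if key in ("src", "dst", "sport", "dport"):
            # Tuple keys appear twice: original direction first, then reply.
            side = "orig" if key not in entry["orig"] else "reply"
            entry[side][key] = value
        else:
            entry[key] = value  # mark, zone, use, ...
    return entry


def marked_entries(output: str, zone: str, mark: str = "1") -> List[Dict]:
    """Return entries in `zone` whose conntrack mark equals `mark`."""
    entries = [parse_entry(l) for l in output.splitlines() if l.strip()]
    return [e for e in entries if e.get("zone") == zone and e.get("mark") == mark]


if __name__ == "__main__":
    for e in marked_entries(SAMPLE, zone="1"):
        o = e["orig"]
        print(f'{e["proto"]} {o["src"]}:{o["sport"]} -> {o["dst"]}:{o["dport"]} '
              f'state={e["state"]} mark={e["mark"]} timeout={e["timeout"]}s')
```

Entries in the default zone print no `zone=` field, so they never match a zone filter here.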