<div dir="ltr"><div><div><div><div><div>Hi Joseph, Razique,<br></div><br></div>Thank you for your response. I tried adding security groups from the dashboard, but it doesn't help. I was trying to spoof a VM instance with a spoofed source MAC and a spoofed source IP, but the packet is not reaching br-int. If I give the proper source MAC and proper source IP, the packet reaches br-int and things work normally. I observed that OpenStack stops spoofed packets which are not originating from the VM instance before they reach br-int (at the tap interface). I need help to send a spoofed packet from the VM. Is there any way to disable the iptables rules?<br>
</div>Also, are adding security group rules using the command line and using the dashboard the same?<br><br></div></div>Thanks,<br>Shiva<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Mar 29, 2014 at 3:58 AM, Joseph Breu <span dir="ltr">&lt;<a href="mailto:breu@breu.org" target="_blank">breu@breu.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Shiva,<div><br></div><div>iptables changes are made by neutron and a variety of other services and those should not be modified by hand. They will be re-created when certain actions are triggered in OpenStack.</div>
<div><br></div><div>If you are trying to change the iptables rules for a launched instance, that should be done with security groups and not by direct manipulation of the iptables rules.</div><div><br></div><div>Maybe you could describe what it is you are trying to do and we can provide guidance?</div>
<div><br><div>
<span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;white-space:normal;font-family:Helvetica;word-spacing:0px"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">
<span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">
<div>---</div><div>Joseph Breu</div><div>Deployment Engineer</div><div>Rackspace Private Cloud</div><div>210-312-3508</div></div></span></div></span></span>
</div>
<br><div><div><div class="h5"><div>On Mar 28, 2014, at 3:10 PM, shiva m &lt;<a href="mailto:anjaneya2@gmail.com" target="_blank">anjaneya2@gmail.com</a>&gt; wrote:</div><br></div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr"><div><div>Hi Razique,<br><br></div>Thank you for your reply. You mean iptables-save as configuration? So, if I edit a chain in the iptables-save output and restore it, does the added rule take effect?<br><br></div><div>
I did an iptables -F on a chain and all iptables rules for that neutron chain got deleted. But the moment I restart a VM or launch a new VM, the deleted chain rules get reloaded into iptables.<br><br></div><div>Thanks,<br>Shiva<br>
</div></div></div></div><div class="">
_______________________________________________<br>OpenStack-operators mailing list<br><a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a><br><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
</div></blockquote></div><br></div></div></blockquote></div><br></div>