[Openstack-security] [Bug 1618879] Fix included in openstack/neutron 9.0.0.0rc1
OpenStack Infra
1618879 at bugs.launchpad.net
Tue Oct 18 16:57:40 UTC 2016
This issue was fixed in the openstack/neutron 9.0.0.0rc1 release
candidate.
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1618879
Title:
iptables rule always be thrashed when update a little rule
Status in neutron:
Fix Released
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
When update meter label or rule, iptables_manager will update iptables
rule in router's namespace. In order to, it will clean traffic counter
number collected in interval time, the other iptables always trashing
that will clean old iptalbes rule and generate new same significance
iptables rule.
the example from update meter label:
Generated by iptables_manager
*filter
:neutron-meter-neutron-met - [0:0]
:neutron-meter-r-00599199-632 - [0:0]
-I FORWARD 2 -j neutron-meter-FORWARD
-D FORWARD 4
-I INPUT 1 -j neutron-meter-INPUT
-D INPUT 3
-I OUTPUT 2 -j neutron-meter-OUTPUT
-D OUTPUT 4
-I neutron-filter-top 1 -j neutron-meter-local
-D neutron-filter-top 3
-D neutron-meter-l-00e4e019-099 1
-I neutron-meter-l-00e4e019-099 1
-D neutron-meter-l-01e4e019-099 1
-I neutron-meter-l-01e4e019-099 1
-I neutron-meter-r-00599199-632 1 -i qg-f0732f6f-8e -d 192.168.10.0/24 -j neutron-meter-l-00599199-632
COMMIT
# Completed by iptables_manager
# Generated by iptables_manager
*raw
-I OUTPUT 1 -j neutron-meter-OUTPUT
-D OUTPUT 3
-I PREROUTING 1 -j neutron-meter-PREROUTING
-D PREROUTING 3
COMMIT
# Completed by iptables_manager
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1618879/+subscriptions
More information about the Openstack-security
mailing list