[openstack-dev] [neutron] - Changing the Neutron default security group rules

Mathieu Gagné mgagne at internap.com
Thu Mar 3 18:00:13 UTC 2016


On 2016-03-03 12:53 PM, Sean M. Collins wrote:
> sridhar basam wrote:
>> This doesn't sound like a neutron issue but an issue with how the
>> conntrack module for GRE changed in the kernel in 3.18.
>>
>>
>> http://comments.gmane.org/gmane.comp.security.firewalls.netfilter.general/47705
>>
>> Sri
> 
> Oooh! Wicked nice find. Thanks Sri!
> 

We had an issue with GRE, but unrelated to the one mentioned above.

Although the security group is configured to allow GRE, the
nf_conntrack_proto_gre module is not loaded by iptables/Neutron and
traffic is dropped. We had to load the module manually.

-- 
Mathieu
