[openstack-dev] [neutron] - Changing the Neutron default security group rules

Mathieu Gagné mgagne at internap.com
Thu Mar 3 18:00:13 UTC 2016

On 2016-03-03 12:53 PM, Sean M. Collins wrote:
> sridhar basam wrote:
>> This doesn't sound like a neutron issue but an issue with how the
>> conntrack module for GRE changed in the kernel in 3.18.
>> http://comments.gmane.org/gmane.comp.security.firewalls.netfilter.general/47705
>> Sri
> Oooh! Wicked nice find. Thanks Sri!

We had issue with GRE but unrelated to the one mentioned above.

Although security group is configured to allow GRE,
nf_conntrack_proto_gre module is not loaded by iptables/Neutron and
traffic is dropped. We had to load the module manually.


More information about the OpenStack-dev mailing list