Hi nova-devs, I raised a bug about nova-api-metadata messing with iptables on a host https://bugs.launchpad.net/nova/+bug/1648643 <https://bugs.launchpad.net/nova/+bug/1648643> It got closed as won’t fix but I think it could do with a little more discussion. Currently nova-api-metadata will create an iptable rule and also delete other rules on the host. This was needed for back in the nova-network days as there was some trickery going on there. Now with neutron and neutron-metadata-proxy nova-api-metadata is little more that a web server much like nova-api. I may be missing some use case but I don’t think nova-api-metadata needs to care about firewall rules (much like nova-api doesn’t care about firewall rules) Thanks, Sam -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170110/a8c1da17/attachment.html>