Thanks An. The team has been working with An to review and validate these changes – we believe we are close to the final version and should be able to merge by tomorrow barring any unforeseen surprises. So pls consider adding these to the RC as they address some critical issues as outlined below. Thanks Sridar On 2/1/18, 10:12 PM, "AnNP at vn.fujitsu.com" <AnNP at vn.fujitsu.com> wrote: Hi, I would like to request inclusion of the following patches which address bugs found in our testing. https://review.openstack.org/#/c/539461/ Addressing: https://bugs.launchpad.net/neutron/+bug/1746404 'auto_associate_default_firewall_group' got an error when new port is created We started with a CfgOpt to Disable default FWG on ports. This has caused issues with Conntrack so this option is being removed. Also on a related note, we were mistakenly applying on other ports - so tightened up the validation to ensure that it is a VM port. And https://review.openstack.org/#/c/536234/ Addressing: https://bugs.launchpad.net/neutron/+bug/1746855 FWaaS V2 failures with Ml2 is Linuxbridge or security group driver is iptables_hybrid We have failures with Linuxbridge as it is not a supported option and if SG uses iptables_hybrid driver - we have seen issues which possibly might be addressed [1], but with not enough validation we would like to prevent this scenario as well. With more testing and addressing any issues we can remove the restriction on SG with iptables_hybrid driver in the R release. [1] https://review.openstack.org/#/c/538154/ Cheers, An __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev