[Openstack-operators] Help on Iptables in Openstack

shiva m anjaneya2 at gmail.com
Tue Apr 1 06:04:34 UTC 2014

Hi Joseph, Razique,

Thank you for response. I tried adding security-groups from dashboard, but
it doesnt help. I was trying to spoof a VM instance with  spoof source MAC
and spoof  source IP, but the  packet is  not reaching br-int. If I  give
proper source MAC  and proper source  IP, the packet reaches br-int and
things work normal. I observed  Openstack stops spoof packets which are
not originating from VM instance before reaching br-int (at tap interface).
I need help to send a spoof  packet from  VM. Is there any way to disable
iptable rules.
Also adding security group rules using command line and using dash-board
are they same?


On Sat, Mar 29, 2014 at 3:58 AM, Joseph Breu <breu at breu.org> wrote:

> Shiva,
> iptables changes are made by neutron and a variety of other services and
> those should not be modified by hand.  They will be re-created when certain
> actions are triggered in OpenStack.
> If you are trying to change the iptables rules for a launched instance
> that should be done with security groups and not by direct manipulation of
> the iptables rules.
> Maybe you could describe that it is you are trying to do and we can
> provide guidance?
> ---
> Joseph Breu
> Deployment Engineer
> Rackspace Private Cloud
> 210-312-3508
> On Mar 28, 2014, at 3:10 PM, shiva m <anjaneya2 at gmail.com> wrote:
> Hi Razique,
> Thank you for your reply.  You mean iptables-save as configuration? So, if
> i edit a chain in iptables-save and re-store back, does added rule gets
> effect?
> I did a iptables -F on a chain and all iptable rules for that neutron
> chain got deleted. But the moment I restart VM or launch a new VM, deleted
> chain rules got reloaded into iptables.
> Thanks,
> Shiva
>  _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20140401/a890bbb1/attachment.html>

More information about the OpenStack-operators mailing list