[Openstack] FWaaS and the conntrack table

Marton Kiss marton.kiss at gmail.com
Mon Jul 13 17:03:46 UTC 2015


Hi Peter,

What do you think about opening a new bug ticket on the project's launchpad,
and/or talking with the developers on IRC?

Cheers,
  Marton Kiss

On Mon, Jul 13, 2015 at 10:55 AM Erdősi Péter <fazy at niif.hu> wrote:

> Hi,
>
> I've faced a problem with the FWaaS plugin in Neutron (Juno).
> The firewall works, but when I delete a rule from the policy, the
> connection still works because of conntrack... (I tried with ping
> and ssh)
> It's okay if the connection is kept alive when it's really alive (an
> active SSH for example), but if I delete the ICMP rule, stop pinging,
> and restart pinging, the ping still works...
>
> If I go to my neutron server, and do a conntrack -F command on my
> relevant qrouter, the firewall starts working based on the valid rules...
>
> Is there any way to configure the conntrack cleanup when the FWaaS
> configuration is modified by the user?
>
> If not, can somebody help me with where to make changes in the code to run
> that command in the proper namespace after the iptables rule generation?
>
>
> Regards,
>  Peter
>
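An added example, not part of the original thread and not Neutron's own code: a narrower alternative to the conntrack -F workaround described above, which deletes only the tracked flows that match the rules removed from the policy. The function names, the router UUID and the rule dictionaries are constructed for illustration; the qrouter-<router UUID> namespace name follows the Neutron L3 agent convention.

```python
import ipaddress
import subprocess
import uuid


def conntrack_delete_cmd(router_id, protocol, src=None, dst=None, dport=None):
    """Build the argv that deletes tracked flows matching one removed rule."""
    # Hypothetical helper. uuid.UUID() rejects anything that is not a UUID,
    # so the namespace name cannot carry extra arguments.
    ns = "qrouter-" + str(uuid.UUID(router_id))
    if protocol not in ("tcp", "udp", "icmp"):
        raise ValueError("unsupported protocol: %r" % (protocol,))
    cmd = ["ip", "netns", "exec", ns, "conntrack", "-D", "-p", protocol]
    for flag, addr in (("-s", src), ("-d", dst)):
        if addr is not None:
            cmd += [flag, str(ipaddress.ip_address(addr))]
    if dport is not None:
        if protocol == "icmp" or not 0 < int(dport) < 65536:
            raise ValueError("invalid destination port for %s" % protocol)
        cmd += ["--dport", str(int(dport))]
    return cmd


def purge_removed_rules(router_id, removed_rules, dry_run=True):
    """Return the commands for every removed rule; run them unless dry_run."""
    cmds = [conntrack_delete_cmd(router_id, **rule) for rule in removed_rules]
    if not dry_run:
        for cmd in cmds:
            rc = subprocess.run(cmd).returncode
            # conntrack -D exits 1 when no entry matched; that is not a failure.
            if rc not in (0, 1):
                raise RuntimeError("%s failed with exit code %d" % (cmd, rc))
    return cmds


# Constructed sample: a router UUID and two rules removed from the policy.
ROUTER_ID = "11111111-2222-3333-4444-555555555555"
REMOVED = [
    {"protocol": "icmp", "dst": "10.0.0.5"},
    {"protocol": "tcp", "dst": "10.0.0.5", "dport": 22},
]

if __name__ == "__main__":
    # Dry run: print the commands that would be executed on the network node.
    for argv in purge_removed_rules(ROUTER_ID, REMOVED):
        print(" ".join(argv))
```

Unlike conntrack -F, this leaves unrelated flows in the table, but established flows that match a removed rule are dropped as well.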

