f589293aec
When creating a firewall rule with port specified as a range of values, e.g. [1], conntrack command for deleting current conntrack entries is applied to the first number in the range, e.g. port #8778 in [1], instead of the range of ports 8778:9000. This incorrect behavior occurs because conntrack-tools does not understand the port as a range of values. This patch set fixes that issue by following the same method as done in the netlink implementation in [2].

[1] "neutron firewall-rule-create --protocol tcp --action allow --ip-version 4 --destination-port 8778:9000 --enabled True"
[2] https://review.openstack.org/#/c/438445/

Closes-Bug: #1702242
Co-Authored-By: Vu Cong Tuan <tuanvc@vn.fujitsu.com>
Change-Id: Ib17db09069a07f35109357d20b67b1acfa85c1a4
12 lines
498 B
YAML
---
fixes:
  - |
    [`bug 1702242 <https://bugs.launchpad.net/neutron/+bug/1702242>`__]
    Port range specification of a firewall rule now works expectedly
    with the reference L3 agent based implementation.
    Previously, when creating a firewall rule with port range like
    ``8778:9000``, the rule was not deleted correctly and only entries
    associated with the first port number were clean up.
    Note that this bug is only applied to the reference L3 agent
    based implementation.
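Review bot: In the release note body, "only entries associated with the first port number were clean up" does not say which entries are meant, and "clean up" should be "cleaned up". The commit message describes these as conntrack entries deleted by the conntrack command, so the note should say "conntrack entries" to tell operators what state was left behind. "the rule was not deleted correctly" also reads as if the firewall rule itself failed to delete, while the commit message describes stale conntrack entries for the rest of the port range; consider rewording to match. Smaller wording points: "works expectedly" reads better as "works as expected", and "this bug is only applied to" as "this bug only applies to".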