diff --git a/neutron/agent/linux/ip_conntrack.py b/neutron/agent/linux/ip_conntrack.py
index 094955e6afa..78cc62edaa7 100644
--- a/neutron/agent/linux/ip_conntrack.py
+++ b/neutron/agent/linux/ip_conntrack.py
@@ -79,10 +79,12 @@ class IpConntrackManager(object):
 def delete_conntrack_state_by_remote_ips(self, device_info_list, ethertype, remote_ips):
- rule = {'ethertype': str(ethertype).lower(), 'direction': 'ingress'}
- if remote_ips:
- for remote_ip in remote_ips:
- self._delete_conntrack_state(
- device_info_list, rule, remote_ip)
- else:
- self._delete_conntrack_state(device_info_list, rule)
+ for direction in ['ingress', 'egress']:
+ rule = {'ethertype': str(ethertype).lower(),
+ 'direction': direction}
+ if remote_ips:
+ for remote_ip in remote_ips:
+ self._delete_conntrack_state(
+ device_info_list, rule, remote_ip)
+ else:
+ self._delete_conntrack_state(device_info_list, rule)
diff --git a/neutron/tests/unit/agent/linux/test_iptables_firewall.py b/neutron/tests/unit/agent/linux/test_iptables_firewall.py
index 2f8ab347a17..7700d266eb9 100644
--- a/neutron/tests/unit/agent/linux/test_iptables_firewall.py
+++ b/neutron/tests/unit/agent/linux/test_iptables_firewall.py
@@ -1131,9 +1131,17 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
 '-w', 10],
 run_as_root=True, check_exit_code=True,
 extra_ok_codes=[1]),
+ mock.call(['conntrack', '-D', '-f', 'ipv4', '-s', '10.0.0.1',
+ '-w', 10],
+ run_as_root=True, check_exit_code=True,
+ extra_ok_codes=[1]),
 mock.call(['conntrack', '-D', '-f', 'ipv6', '-d', 'fe80::1',
 '-w', 10],
 run_as_root=True, check_exit_code=True,
+ extra_ok_codes=[1]),
+ mock.call(['conntrack', '-D', '-f', 'ipv6', '-s', 'fe80::1',
+ '-w', 10],
+ run_as_root=True, check_exit_code=True,
 extra_ok_codes=[1])]
 self.utils_exec.assert_has_calls(calls)
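Review bot: The reason for looping over both directions is not recorded anywhere in `delete_conntrack_state_by_remote_ips`, and it is the security-relevant part of the method: a tracked flow that outlives the rule which allowed it keeps passing traffic. A one-line docstring would cover it, for example `"""Delete conntrack entries matching remote_ips in both directions so established flows do not outlive the rule that permitted them."""`; the intent is inferred from the method name and the added `'egress'` pass, so confirm it against the caller. The docstring should also say that the `else` branch now runs for `'egress'` with no remote IP, which presumably widens what is flushed when `remote_ips` is empty. As a small style point, the literal could be a tuple: `for direction in ('ingress', 'egress'):`.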
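Review bot: The added expectations cover only the per-remote-IP branch (the `-s 10.0.0.1` and `-s fe80::1` commands); nothing in this hunk exercises the `else` path, which after the change in `ip_conntrack.py` also issues an egress deletion when `remote_ips` is empty. A companion case that calls the method with no remote IPs and asserts the commands issued for both directions would pin that broader flush. Because the check is `assert_has_calls`, unexpected extra `conntrack -D` invocations would not fail the test, so comparing `self.utils_exec.mock_calls` against the full expected list would be stricter if the surrounding test allows it. The test method starts outside this hunk, so both suggestions depend on set-up that is not visible here.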