1e220d7136
In case when security group is removed from port, connections established to/from port which were hitting some of the removed SG rules will be marked with CT_MARK_INVALID in the conntrack table. Due to that such existing connections will be stopped. But then if SG will be added again to the port, those conntrack entries marked as invalid will not be removed and those hang connections will not be revived. To fix that, this patch adds deletion of the conntrack entries marked with CT_MARK_INVALID and related to the port of which SG are updated/added. Closes-Bug: #1915530 Change-Id: I84718b8ac4d8d6e39426e1c4485c2d7fe28185dd |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| test_firewall.py | ||
| test_iptables.py | ||
| test_rules.py | ||