9168dbf93d
Through [1] ipset members are updated in update_security_group_members instead of updating during firewall apply. In the same way, we will delete conntrack entries immediately after deleting remote ipset members(in update_security_group_members) instead of deleting them after firewall apply. As explained in [2], this change partially fixes bug #1580377 i.e it deletes conntrack entries on remote hosts for a removed port. [1] https://review.openstack.org/#/c/347068/ [2] https://bugs.launchpad.net/neutron/+bug/1580377/comments/13 Co-Authored-By:shihanzhang <shihanzhang@huawei.com> Partial-Bug: #1580377 Change-Id: Iea3344a24e2a068b794c44796b4c945432379c13
7.4 KiB
7.4 KiB