2562a9271c
Iptables chain is linear storage and filtering, when iptables rules are large, the load of l2 agent is heavy, this patch introduces ipset to security group for improving the security group performance. Change-Id: I6ff0ac519d0b9034d3bb5270885ed3cc1805674d Implements: blueprint add-ipset-to-security DocImpact
13 lines
348 B
XML
13 lines
348 B
XML
# neutron-rootwrap command filters for nodes on which neutron is
|
|
# expected to control network
|
|
#
|
|
# This file should be owned by (and only-writeable by) the root user
|
|
|
|
# format seems to be
|
|
# cmd-name: filter-name, raw-command, user, args
|
|
|
|
[Filters]
|
|
# neutron/agent/linux/iptables_firewall.py
|
|
# "ipset", "-A", ...
|
|
ipset: CommandFilter, ipset, root
|