6da1543f49
In case when security group is removed from port, connections
established to/from port which were hitting some of the removed SG
rules will be marked with CT_MARK_INVALID in the conntrack table.
Due to that such existing connections will be stopped.
But then if SG will be added again to the port, those conntrack entries
marked as invalid will not be removed and those hang connections will
not be revived.
To fix that, this patch adds deletion of the conntrack entries marked
with CT_MARK_INVALID and related to the port of which SG are
updated/added.
Closes-Bug: #1915530
Change-Id: I84718b8ac4d8d6e39426e1c4485c2d7fe28185dd
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| __init__.py | ||
| constants.py | ||
| exceptions.py | ||
| firewall.py | ||
| iptables.py | ||
| rules.py | ||