Cleanup release note about ignoring allow_same_net_traffic

A large chunk of the release note for this is duplicated with the same reno from e5080c7330 but the formatting and wording is slightly different. This fixes them to look similar for the duplicate text. Change-Id: Idd6149ae85ac2724633b80e938c4c1bf981b772b
2017-08-08 12:43:20 -04:00 · 2017-08-08 12:43:20 -04:00 · 0cae8d50fa
commit 0cae8d50fa
parent 94638e353a
1 changed files with 11 additions and 8 deletions
--- a/releasenotes/notes/libvirt-ignore-allow_same_net_traffic-fd88bb2801b81561.yaml
+++ b/releasenotes/notes/libvirt-ignore-allow_same_net_traffic-fd88bb2801b81561.yaml
@ -1,18 +1,21 @@
 ---
 upgrade:
  - |
-    The libvirt driver provides port filtering capability. This capability is
-    enabled when the following is true:
+    The libvirt driver port filtering feature will now ignore the
+    ``allow_same_net_traffic`` config option.

-    - The `nova.virt.libvirt.firewall.IptablesFirewallDriver` firewall driver
+    The libvirt driver provides port filtering capability. This capability
+    is enabled when the following is true:
+
+    - The ``nova.virt.libvirt.firewall.IptablesFirewallDriver`` firewall driver
      is enabled
    - Security groups are disabled
-    - Neutron port filtering is disabled
-    - An IPTables-compatible interface is used, e.g. hybrid mode, where the
-        VIF is a tap device
+    - Neutron port filtering is disabled/unsupported
+    - An IPTables-compatible interface is used, e.g. an OVS VIF in hybrid mode,
+      where the VIF is a tap device connected to OVS with a bridge

-    When enabled, libvirt applies IPTables rules that provide MAC, IP, and
-    ARP spoofing protection.
+    When enabled, libvirt applies IPTables rules to all interface ports that
+    provide MAC, IP, and ARP spoofing protection.

    Previously, setting the `allow_same_net_traffic` config option to `True`
    allowed for same network traffic when using these port filters. This was