From 4ca04fa21a860800daf244faa86682c9eff544fc Mon Sep 17 00:00:00 2001 From: KATO Tomoyuki Date: Thu, 7 Jan 2016 20:35:28 +0900 Subject: [PATCH] Add note about src/dest IP version validation The FwaaS API should not allow the creation of firewall rules where the ip_version is set to 4, but the source or destination IPs are IPv6 addresses. Change-Id: I0af9db3cacec38a5ee4c39ea3a257487dfab828e Closes-Bug: #1505776 Closes-Bug: #1508057 --- doc/admin-guide-cloud/source/networking_introduction.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/admin-guide-cloud/source/networking_introduction.rst b/doc/admin-guide-cloud/source/networking_introduction.rst index e500114249..1d8ee080d9 100644 --- a/doc/admin-guide-cloud/source/networking_introduction.rst +++ b/doc/admin-guide-cloud/source/networking_introduction.rst @@ -233,12 +233,19 @@ Then, create a firewall that applies the policy. .. code-block:: console $ neutron firewall-rule-create --protocol {tcp,udp,icmp,any} \ + --source-ip-address SOURCE_IP_ADDRESS \ + --destination-ip-address DESTINATION_IP_ADDRESS \ --source-port SOURCE_PORT_RANGE --destination-port DEST_PORT_RANGE \ --action {allow,deny,reject} The Networking client requires a protocol value; if the rule is protocol agnostic, you can use the ``any`` value. + .. note:: + + When the source or destination IP address are not of the same IP + version (for example, IPv6), the command returns an error. + #. Create a firewall policy: .. code-block:: console
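Review bot: The added ``.. note::`` never says what the addresses have to match: "not of the same IP version (for example, IPv6)" reads as if the source and destination only need to agree with each other, while the commit message describes a mismatch against the rule's ip_version (ip_version set to 4 with IPv6 source or destination addresses). Suggest wording along the lines of "When the source or destination IP address is not of the same IP version as the rule's ip_version (for example, an IPv6 address in a rule whose ip_version is 4), the command returns an error", which also fixes the agreement in "address are". The console example gains ``--source-ip-address`` and ``--destination-ip-address`` but shows nothing that sets the rule's IP version, so a reader cannot tell from this section which version the addresses are validated against; consider showing that option in the command or stating the default in the note.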