Merge "Don't add conntrack entries for vxlan" into stable/train

2022-05-02 15:22:58 +00:00 · 2022-05-02 15:22:58 +00:00 · 4ef8cc7746
parent 364e345c8b 0f6101dffb
commit 4ef8cc7746
1 changed files with 17 additions and 0 deletions
--- a/deployment/neutron/neutron-ovs-agent-container-puppet.yaml
+++ b/deployment/neutron/neutron-ovs-agent-container-puppet.yaml
@ -220,6 +220,23 @@ outputs:
    description: Role data for Neutron openvswitch service
    value:
      service_name: neutron_ovs_agent
+      firewall_rules:
+        '120 neutron vxlan networks no conntrack':
+          proto:  'udp'
+          dport:  4789
+          table:  'raw'
+          chain:  'OUTPUT'
+          jump:   'NOTRACK'
+          action: 'append'
+          state: []
+        '121 neutron vxlan networks no conntrack':
+          proto:  'udp'
+          dport:  4789
+          table:  'raw'
+          chain:  'PREROUTING'
+          jump:   'NOTRACK'
+          action: 'append'
+          state: []
      monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs}
      config_settings:
        map_merge: