8044148451
With nftables, we drop all types of connection that don't have any "accept" rule. This is a change compared to the current iptables, where we drop only the NEW ones. We detected some of the ironic connections as SYN and/or ACK only, and they were dropped. We can see such drops in the hackmd set to track the nftables switch[1]. [1] https://hackmd.io/F0W2gYw_SiaiWkowjFU9cw Change-Id: I97e24d6eab8944193c7ce458ec2e45d9e37571cb |
||
---|---|---|
.. | ||
ironic-api-container-puppet.yaml | ||
ironic-base-puppet.yaml | ||
ironic-conductor-container-puppet.yaml | ||
ironic-inspector-container-puppet.yaml | ||
ironic-neutron-agent-container-puppet.yaml | ||
ironic-pxe-container-puppet.yaml |