Fwaas (bind a firewall to DVR router when its floating-ip count is zero): the firewall rules does not take effect for a VM after binding a floating ip to the VM.
Bug #1656754 reported by
wujun
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| neutron |
New
|
Undecided
|
wujun | ||
Bug Description
environment: Mitaka
In the DVR mode:
1. create a router, a firewall and a VM
2. bind the firewall to the router of VM
Now, the firewall rule take effect in the snat namespace. It is normal.
3. bind a floatingip to the VM
Now, the firewall rule does not take effect in the qrouter namespace. It is abnormal.
Unless we unbind the firewall and then rebind it.
Before bind the floating ip : VM->qrouter->snat
After bind the floating ip : VM->qrouter->fip
In the Fwaas code, When create a firewall, it will check the variable dist_fip_count.Only if it is bigger than zero, it will take effect on the interface "rfp-".
So, we bind a firewall to a router before bind floating ip to a VM,the firewall rule will
not take effect for the VM.
| description: | updated |
| Changed in neutron: | |
| assignee: | nobody → wujun (wujun) |
| tags: | added: fwaas |
| summary: |
- Fwaas (Bind a firewall to DVR router when its floating-ip count is - zero): The firewall does not take effect for a VM after binding a + Fwaas (bind a firewall to DVR router when its floating-ip count is + zero): the firewall rules does not take effect for a VM after binding a floating ip to the VM. |
To post a comment you must log in.
