Bug 1015885

Summary: Firewall rule which is created with "--disabled" is actually enabled
Product: Red Hat OpenStack Reporter: Rami Vaknin <rvaknin>
Component: python-neutronclient Assignee: Assaf Muller <amuller>
Status: CLOSED NEXTRELEASE QA Contact: Ofer Blaut <oblaut>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0 CC: chrisw, hateya, jruzicka, lpeer, oblaut, yeylon
Target Milestone: ---   
Target Release: 4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: network
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-03 09:44:55 UTC Type: Bug

Description Rami Vaknin 2013-10-06 14:07:43 UTC
Version
=======
4.0 on RHEL6.5, puddle 2013-10-03.3
openstack-neutron-2013.2-0.3.3.b3.el6ost, ovs, iptables driver firewall


Description
===========
Create a firewall rule with the "--disabled" parameter. This parameter is not counted at creation time and the rule is actually created as enabled; only an update of the rule with an additional command can really change it to disabled.

[root@puma10 ~(keystone_admin)]# neutron firewall-rule-create --name "tcp_82_allow_all_all" --destination-port 82 --protocol tcp --action allow --disabled
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field                  | Value                                |
+------------------------+--------------------------------------+
| action                 | allow                                |
| description            |                                      |
| destination_ip_address |                                      |
| destination_port       | 82                                   |
| enabled                | True                                 |
| firewall_policy_id     |                                      |
| id                     | 7fd6c436-1872-4201-a533-bd25e35b29d3 |
| ip_version             | 4                                    |
| name                   | tcp_82_allow_all_all                 |
| position               |                                      |
| protocol               | tcp                                  |
| shared                 | False                                |
| source_ip_address      |                                      |
| source_port            |                                      |
| tenant_id              | 998b938cb25a41a89eb97e0eb324573d     |
+------------------------+--------------------------------------+
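
A post-creation check for the behaviour reported above, as an added example (not code from the report or from python-neutronclient): it parses the CLI's table output and compares it with the flags on the command line, so a rule requested with `--disabled` but reported as enabled is flagged. The helper names, and the default of `enabled = True` when `--disabled` is absent, are assumptions.

```python
import shlex

# Command and (trimmed) table output as shown in the report above.
COMMAND = ('neutron firewall-rule-create --name "tcp_82_allow_all_all" '
           '--destination-port 82 --protocol tcp --action allow --disabled')
OUTPUT = """\
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field                  | Value                                |
+------------------------+--------------------------------------+
| action                 | allow                                |
| destination_port       | 82                                   |
| enabled                | True                                 |
| name                   | tcp_82_allow_all_all                 |
| protocol               | tcp                                  |
+------------------------+--------------------------------------+
"""

# CLI flags from the report mapped to the response fields they should set.
FLAG_TO_FIELD = {"--name": "name", "--destination-port": "destination_port",
                 "--protocol": "protocol", "--action": "action"}

def parse_table(text):
    """Parse the CLI's ASCII table into a {field: value} dict."""
    fields = {}
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # skip borders and the "Created a new ..." banner
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 2 and cells[0] != "Field":
            fields[cells[0]] = cells[1]
    return fields

def requested_state(command):
    """Derive the field values the operator asked for from the command line."""
    argv = shlex.split(command)
    # Assumption: a rule is enabled unless --disabled is passed.
    want = {"enabled": "False" if "--disabled" in argv else "True"}
    for i, arg in enumerate(argv[:-1]):
        if arg in FLAG_TO_FIELD:
            want[FLAG_TO_FIELD[arg]] = argv[i + 1]
    return want

def mismatches(command, output):
    """Return {field: (requested, reported)} for every field that differs."""
    got = parse_table(output)
    return {field: (value, got.get(field))
            for field, value in requested_state(command).items()
            if got.get(field) != value}
```

Calling `mismatches(COMMAND, OUTPUT)` on the session above reports only the `enabled` field, requested as `False` and returned as `True`.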

Comment 3 Assaf Muller 2013-12-01 11:48:34 UTC
Patch has been merged upstream.

Comment 4 lpeer 2013-12-03 09:44:55 UTC
The bug was in the CLI and was fixed u/s.
It is not part of Havana but should be available when we do the next re-base.