Bug 1213269

Summary: [RFE] [neutron] [6.0.z] security group has hidden rule to prevent IP spoofing; it shouldn't be hidden and the admin should be able to disable it
Product: Red Hat OpenStack
Reporter: Martin Schuppert <mschuppe>
Component: openstack-neutron
Assignee: lpeer <lpeer>
Status: CLOSED NEXTRELEASE
QA Contact: Ofer Blaut <oblaut>
Severity: high
Priority: high
Version: 6.0 (Juno)
CC: chrisw, ekuris, johfulto, jshortt, lpeer, majopela, mschuppe, nyechiel, oblaut, racedoro, ragiman, rhos-integ, sgordon, tfreger, twilson, yeylon
Target Milestone: z4
Keywords: FutureFeature, ZStream
Target Release: 6.0 (Juno)
Hardware: x86_64
OS: Linux
Whiteboard: upstream_milestone_kilo-3 upstream_definition_approved upstream_status_implemented
Doc Type: Enhancement
Clone Of: 1167496
Last Closed: 2015-04-30 07:10:33 UTC
Type: Bug
Bug Depends On: 1167496    
Bug Blocks: 799011, 1038706    

Comment 2 lpeer 2015-04-27 06:08:40 UTC
Terry Wilson researched the option to backport this feature and mentioned it requires a DB migration in addition to code conflicts -

" Even just the main patch has lots of conflicts, including some db migration stuff, would probably be pretty messy

Unmerged paths:
  (use "git add/rm <file>..." as appropriate to mark resolution)

	deleted by us:   neutron/agent/linux/iptables_comments.py
	both modified:   neutron/agent/linux/iptables_firewall.py
	both modified:   neutron/db/migration/alembic_migrations/versions/HEAD
	both modified:   neutron/db/portsecurity_db.py
	both modified:   neutron/plugins/ml2/plugin.py
	deleted by us:   neutron/tests/functional/agent/linux/test_iptables_firewall.py
	both modified:   neutron/tests/unit/test_iptables_firewall.py
	both modified:   setup.cfg

"

Comment 3 lpeer 2015-04-30 07:10:33 UTC
Because of the complications mentioned in comment #2 we do not have concrete plans to backport this feature to OSP6.