|Summary:||[3.10] firewalld reload causes namespace wide egress IP to stop working|
|Product:||OpenShift Container Platform||Reporter:||Dan Winship <danw>|
|Component:||Networking||Assignee:||Dan Winship <danw>|
|Status:||CLOSED ERRATA||QA Contact:||Meng Bo <bmeng>|
|Version:||3.10.0||CC:||aos-bugs, bmeng, mcurry, tibrahim, weliang|
|Fixed In Version:||Doc Type:||Bug Fix|
Cause: Egress IP-related iptables rules were not recreated if they got deleted. Consequence: If a user restarted firewalld or iptables.service on a node that hosted egress IPs, then those egress IPs would stop working. (Traffic that should have used the egress IP would use the node's normal IP instead.) Fix: Egress IP iptables rules are now recreated if they are removed. Result: Egress IPs work reliably.
|Last Closed:||2019-01-10 09:27:10 UTC||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Comment 2 Weibin Liang 2018-12-04 16:10:01 UTC
Tested in v3.10.83 and the issue was fixed.
Comment 4 errata-xmlrpc 2019-01-10 09:27:10 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0026