1015885 – Firewall rule which created with "--disabled" is actually enabled

Bug 1015885 - Firewall rule which created with "--disabled" is actually enabled

Summary: Firewall rule which created with "--disabled" is actually enabled

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-neutronclient
Sub Component:
Version:	4.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.0
Assignee:	Assaf Muller
QA Contact:	Ofer Blaut
Docs Contact:
URL:
Whiteboard:	network
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-10-06 14:07 UTC by Rami Vaknin
Modified:	2016-04-27 02:59 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-12-03 09:44:55 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Launchpad	1250028	0	None	None	None	Never

Description Rami Vaknin 2013-10-06 14:07:43 UTC

Version
=======
4.0 on RHEL6.5, puddle 2013-10-03.3
openstack-neutron-2013.2-0.3.3.b3.el6ost, ovs, iptables driver firewall


Description
===========
Create a firewall rule with the "--disabled" parameter, this parameter is not counter at creation time and the rule is actually created as enabled, only update of the rule with additional command can really change it to disabled.

[root@puma10 ~(keystone_admin)]# neutron firewall-rule-create --name "tcp_82_allow_all_all" --destination-port 82 --protocol tcp --action allow --disabled
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field                  | Value                                |
+------------------------+--------------------------------------+
| action                 | allow                                |
| description            |                                      |
| destination_ip_address |                                      |
| destination_port       | 82                                   |
| enabled                | True                                 |
| firewall_policy_id     |                                      |
| id                     | 7fd6c436-1872-4201-a533-bd25e35b29d3 |
| ip_version             | 4                                    |
| name                   | tcp_82_allow_all_all                 |
| position               |                                      |
| protocol               | tcp                                  |
| shared                 | False                                |
| source_ip_address      |                                      |
| source_port            |                                      |
| tenant_id              | 998b938cb25a41a89eb97e0eb324573d     |
+------------------------+--------------------------------------+

Comment 3 Assaf Muller 2013-12-01 11:48:34 UTC

Patch has been merged upstream.

Comment 4 lpeer 2013-12-03 09:44:55 UTC

The bug was in the CLI and was fixed u/s.
It is not part of Havana but should be available when we do the next re-base

Note You need to log in before you can comment on or make changes to this bug.