1213269 – [RFE] [neutron] [6.0.z] security group has hidden rule to prevent IP spoofing; it shouldn't be hidden and the admin should be able to disable it

Bug 1213269 - [RFE] [neutron] [6.0.z] security group has hidden rule to prevent IP spoofing; it shouldn't be hidden and the admin should be able to disable it

Summary: [RFE] [neutron] [6.0.z] security group has hidden rule to prevent IP spoofing...

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-neutron
Sub Component:
Version:	6.0 (Juno)
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	z4
Target Release:	6.0 (Juno)
Assignee:	lpeer
QA Contact:	Ofer Blaut
Docs Contact:
URL:
Whiteboard:	upstream_milestone_kilo-3 upstream_de...
Depends On:	1167496
Blocks:	799011 1038706
TreeView+	depends on / blocked

Reported:	2015-04-20 08:12 UTC by Martin Schuppert
Modified:	2023-02-22 23:02 UTC (History)
CC List:	16 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:	1167496
Environment:
Last Closed:	2015-04-30 07:10:33 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openstack/tempest/blob/master/tempest/scenario/test_network_basic_ops.py#L811	None	None	None	2017-12-21 14:08:16 UTC
OpenStack gerrit	99873	None	None	None	Never
OpenStack gerrit	126552	None	None	None	Never
OpenStack gerrit	150835	None	None	None	Never

Comment 2 lpeer 2015-04-27 06:08:40 UTC

Terry Wilson researched the option to backport this feature and mentioned it requires a DB migration in addition to code conflicts -

" Even just the main patch has lots of conflicts, including some db migration stuff, would probably be pretty messy

Unmerged paths:
  (use "git add/rm <file>..." as appropriate to mark resolution)

	deleted by us:   neutron/agent/linux/iptables_comments.py
	both modified:   neutron/agent/linux/iptables_firewall.py
	both modified:   neutron/db/migration/alembic_migrations/versions/HEAD
	both modified:   neutron/db/portsecurity_db.py
	both modified:   neutron/plugins/ml2/plugin.py
	deleted by us:   neutron/tests/functional/agent/linux/test_iptables_firewall.py
	both modified:   neutron/tests/unit/test_iptables_firewall.py
	both modified:   setup.cfg

"

Comment 3 lpeer 2015-04-30 07:10:33 UTC

Because of the complications mentioned in comment #2 we do not have concrete plans to backport this feature to OSP6.

Note You need to log in before you can comment on or make changes to this bug.