Description of problem:
Today, in order to unblock the GCP team urgently, we had to whitelist the DNS port 53 in SDN. However, for the moment the matching OpenFlow rule has not been defined.

Version-Release number of selected component (if applicable):
Target version is 4.2.0

How reproducible:
Rule should be defined in "pkg/network/node/ovscontroller.go" in openshift/sdn

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
Hi,

After discussion within the team, we've come to the conclusion not to create this OVS rule, complementing the already existing iptables rules. The iptables rules already block all TCP/UDP connections to 169.254.169.254 on all ports except port 53. Complementary OVS rules are not needed and add additional technical complexity not worth the effort (OVS rules do not support negated conditions, e.g. "block all ! port 53").

If there are any arguments against this, please re-open the bug and assign it to me.

Best regards,
Alexander
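As an added illustration of the point made in the comment above (this is not code from openshift/sdn and not the project's actual rule set), the following shell snippet shows how the "block all TCP/UDP to 169.254.169.254 except port 53" policy is expressed with an iptables negated port match, the kind of condition the comment says OpenFlow rules cannot express directly. The chain name (FORWARD), the REJECT target and the helper function names are assumptions; the rules are emitted as text and evaluated offline so the logic can be checked without root or a live firewall.

```shell
#!/bin/sh
# Added example, not part of the bug report or of openshift/sdn.
# Policy under discussion: reject every TCP/UDP packet to the cloud
# metadata address 169.254.169.254 unless the destination port is 53.

METADATA_IP="169.254.169.254"   # cloud instance metadata endpoint
ALLOWED_PORT=53                 # DNS, the single port left reachable

# Emit the iptables commands that implement the policy, one per protocol.
# "! --dport 53" is the negated match; a deployment would execute these
# lines as root. Chain FORWARD and target REJECT are assumptions here.
metadata_block_rules() {
  for proto in tcp udp; do
    printf 'iptables -A FORWARD -d %s -p %s ! --dport %s -j REJECT\n' \
      "$METADATA_IP" "$proto" "$ALLOWED_PORT"
  done
}

# Offline model of the same policy for a single connection.
# Usage: metadata_policy_decision <dst-ip> <proto> <dst-port>
# Prints "allow" or "block", mirroring what the rules above would do.
metadata_policy_decision() {
  dst="$1"; proto="$2"; dport="$3"
  # Traffic to anything other than the metadata address is untouched.
  [ "$dst" = "$METADATA_IP" ] || { echo allow; return; }
  # Only TCP and UDP carry the rule; other protocols fall through.
  case "$proto" in
    tcp|udp) ;;
    *) echo allow; return ;;
  esac
  # Port 53 is the sole exception to the negated match.
  if [ "$dport" -eq "$ALLOWED_PORT" ]; then
    echo allow
  else
    echo block
  fi
}
```

Running `metadata_block_rules` prints the two rule lines (one for TCP, one for UDP); `metadata_policy_decision 169.254.169.254 tcp 80` prints `block`, while the same call with port 53 prints `allow`.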