Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2293382

Summary: dropped packets are logged and can cause stalls if console=ttyS0
Product: Red Hat OpenStack Reporter: Robin Jarry <rjarry>
Component: tripleo-ansibleAssignee: Brendan Shephard <bshephar>
Status: CLOSED ERRATA QA Contact: Joe H. Rahme <jhakimra>
Severity: medium Docs Contact:
Priority: medium    
Version: 17.1 (Wallaby)CC: astupnik, bshephar, dmarchan, hjensas, jkreger, jparoly, knoha, mariel, pweeks
Target Milestone: z4Keywords: Triaged
Target Release: 17.1   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: tripleo-ansible-3.3.1-17.1.20240918100824.8debef3.el9ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-11-21 09:41:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2222869, 2276671    

Description Robin Jarry 2024-06-20 14:42:21 UTC 
There is an iptables/nftables rules installed by tripleo ansible which logs all dropped packets. When the console is redirected to serial with certain UART controllers, this can cause very long stalls (see bz 2276671 for more details).

I don't see any reason why we would need to log all dropped packets. This seems excessive and could even be the source of serious issues in the case of DOS attacks.

Could this rule be removed entirely?
Comment 2 Robin Jarry 2024-07-09 12:41:28 UTC 
*** Bug 2295875 has been marked as a duplicate of this bug. ***
Comment 17 errata-xmlrpc 2024-11-21 09:41:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (RHOSP 17.1.4 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:9974