firewall blocking policy is hard coded to DROP
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| OpenStack Compute (nova) |
Wishlist
|
Michael Still |
Bug Description
nova/virt/
It would be interesting/useful to be able to configure the behaviour in this area (e.g. some installations might choose REJECT to make it more obvious to users what is happening, or even add a LOG as well)
Thierry Carrez (ttx) wrote : | #1 |
tags: | added: canonistack |
Michael Still (mikalstill) wrote : | #2 |
This should be pretty easy to do. I'm going to grab this and I'll have a go when havana opens up.
Changed in nova: | |
milestone: | none → havana-1 |
Fix proposed to branch: master
Review: https:/
Reviewed: https:/
Committed: http://
Submitter: Jenkins
Branch: master
commit c9e3d5392222330
Author: Michael Still <email address hidden>
Date: Sun Mar 17 01:36:42 2013 +1100
Make iptables drop action configurable.
Resolves bug 1013893 by allowing the setting of the iptables drop
action with a configuration flag. It is expected that this would be
used for run a LOGDROP action before actually dropping the packet.
DocImpact: the drop action for iptables rules can now be configured
for nova-network users with the iptables_
Change-Id: I15720d27429556
Changed in nova: | |
status: | Fix Committed → Fix Released |
I /think/ Quantum gives you more flexibility in that area...