Note de la release actuelle

Note de la release actuelle¶

21.0.0-7¶

Nouvelles fonctionnalités¶

L3 stateless firewall support for ML2/OVN driver is implemented.

Problèmes connus¶

If the user configures stateful security group rules for VMs ports and stateless L3 firewall rules for gateway ports like this:
- SG ingress rules: –remote_ip_prefix 0.0.0.0/0
- FW ingress rules: –destination_ip_address 0.0.0.0/0 –action allow
It only opens ingress traffic for another network to access VM, but the reply traffic (egress direction) also passes because it matches the committed conntrack entry. So it only works well with stateless security groups for VMs.

this page last updated: 2024-11-14 12:34:31

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.