Current Series Release Notes¶
21.0.0-7¶
New Features¶
L3 stateless firewall support for ML2/OVN driver is implemented.
Known Issues¶
If the user configures stateful security group rules for VMs ports and stateless L3 firewall rules for gateway ports like this:
SG ingress rules: –remote_ip_prefix 0.0.0.0/0
FW ingress rules: –destination_ip_address 0.0.0.0/0 –action allow
It only opens ingress traffic for another network to access VM, but the reply traffic (egress direction) also passes because it matches the committed conntrack entry. So it only works well with stateless security groups for VMs.