author | Zuul <zuul@review.opendev.org> | 2022-08-26 08:42:03 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2022-08-26 08:42:03 +0000 |
commit | 76b6388d4b78b7e40939cf65f7e8a8fb7a14b089 (patch) | |
tree | 4e5a43612ac1d5390fcabb46a218330161b957e0 /releasenotes | |
parent | d4790238cd6af16fbaabc035097de3d061f6ad62 (diff) | |
parent | bbefe5285e7ab799422fab81488f57c9c22769b6 (diff) | |
download | neutron-76b6388d4b78b7e40939cf65f7e8a8fb7a14b089.tar.gz |
Merge "Allow operator to disable usage of random-fully"
Diffstat (limited to 'releasenotes')
-rw-r--r-- | releasenotes/notes/use_random_fully-527b20bc524c308a.yaml | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/releasenotes/notes/use_random_fully-527b20bc524c308a.yaml b/releasenotes/notes/use_random_fully-527b20bc524c308a.yaml new file mode 100644 index 0000000000..76fb36590c --- /dev/null +++ b/releasenotes/notes/use_random_fully-527b20bc524c308a.yaml @@ -0,0 +1,15 @@ +--- +features: + - | + Add ``use_random_fully`` setting to allow an operator to disable + the iptables random-fully property on an iptable rules. +issues: + - | + If the ``use_random_fully`` setting is disabled, it will prevent + random fully from being used and if there're 2 guests in different + networks using the same source_ip and source_port and they try to + reach the same dest_ip and dest_port, packets might be dropped in + the kernel do to the racy tuple generation . Disabling this + setting should only be done if source_port is really important such + as in network firewall ACLs and that the source_ip are never repeating + within the platform. |
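Review bot: the release note text has wording errors that will show up in the rendered notes, and it leaves out information an operator needs. In the `features` entry, "on an iptable rules" should read "on iptables rules". In the `issues` entry, "do to the racy tuple generation ." should read "due to the racy tuple generation." and "there're 2 guests" reads better as "there are two guests". The closing sentence ("should only be done if source_port is really important ... and that the source_ip are never repeating within the platform") is ambiguous about whether both conditions must hold; suggest rewording to something like "only disable this setting when the source port must be preserved, for example for network firewall ACLs, and source IPs are never repeated within the platform". The note also does not state the default value of ``use_random_fully`` or which configuration file and section it belongs to, so a reader cannot tell from the note alone whether an upgrade changes behaviour or where to set the option; please add both.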