From 0cae8d50fa3d039c601f3ee60840ff06fd4a3e45 Mon Sep 17 00:00:00 2001 From: Matt Riedemann Date: Tue, 8 Aug 2017 12:43:20 -0400 Subject: [PATCH] Cleanup release note about ignoring allow_same_net_traffic A large chunk of the release note for this is duplicated with the same reno from e5080c733076f5098f85952051878f41d47f8181 but the formatting and wording is slightly different. This fixes them to look similar for the duplicate text. Change-Id: Idd6149ae85ac2724633b80e938c4c1bf981b772b --- ...low_same_net_traffic-fd88bb2801b81561.yaml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/releasenotes/notes/libvirt-ignore-allow_same_net_traffic-fd88bb2801b81561.yaml b/releasenotes/notes/libvirt-ignore-allow_same_net_traffic-fd88bb2801b81561.yaml index 7c1e3a15b27b..c381b5a38435 100644 --- a/releasenotes/notes/libvirt-ignore-allow_same_net_traffic-fd88bb2801b81561.yaml +++ b/releasenotes/notes/libvirt-ignore-allow_same_net_traffic-fd88bb2801b81561.yaml 
@@ -1,18 +1,21 @@ --- upgrade: - | - The libvirt driver provides port filtering capability. This capability is - enabled when the following is true: + The libvirt driver port filtering feature will now ignore the + ``allow_same_net_traffic`` config option. - - The `nova.virt.libvirt.firewall.IptablesFirewallDriver` firewall driver + The libvirt driver provides port filtering capability. This capability + is enabled when the following is true: + + - The ``nova.virt.libvirt.firewall.IptablesFirewallDriver`` firewall driver is enabled - Security groups are disabled - - Neutron port filtering is disabled - - An IPTables-compatible interface is used, e.g. hybrid mode, where the - VIF is a tap device + - Neutron port filtering is disabled/unsupported + - An IPTables-compatible interface is used, e.g. an OVS VIF in hybrid mode, + where the VIF is a tap device connected to OVS with a bridge - When enabled, libvirt applies IPTables rules that provide MAC, IP, and - ARP spoofing protection. + When enabled, libvirt applies IPTables rules to all interface ports that + provide MAC, IP, and ARP spoofing protection. Previously, setting the `allow_same_net_traffic` config option to `True` allowed for same network traffic when using these port filters. This was
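Review bot: the unchanged paragraph at the end of the hunk ("Previously, setting the `allow_same_net_traffic` config option to `True` ...") still uses single backticks, while the lines added above it now use double backticks for ``allow_same_net_traffic`` and for the firewall driver path. In reStructuredText, single backticks are interpreted text rather than an inline literal, so the same option name will render two different ways within one note. Since the aim of the change is consistent formatting, convert that paragraph to double backticks as well. A second point on the rewritten sentence "libvirt applies IPTables rules to all interface ports that provide MAC, IP, and ARP spoofing protection": the relative clause now attaches to "ports" rather than "rules", which reads as if the ports provide the protection. Suggest "applies IPTables rules that provide MAC, IP, and ARP spoofing protection to all interface ports", so operators reading the upgrade note are clear that the anti-spoofing behaviour comes from the rules.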