Merge "Cleanup release note about ignoring allow_same_net_traffic"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
1ce3d78982
@ -1,18 +1,21 @@
|
|||||||
---
|
---
|
||||||
upgrade:
|
upgrade:
|
||||||
- |
|
- |
|
||||||
The libvirt driver provides port filtering capability. This capability is
|
The libvirt driver port filtering feature will now ignore the
|
||||||
enabled when the following is true:
|
``allow_same_net_traffic`` config option.
|
||||||
|
|
||||||
- The `nova.virt.libvirt.firewall.IptablesFirewallDriver` firewall driver
|
The libvirt driver provides port filtering capability. This capability
|
||||||
|
is enabled when the following is true:
|
||||||
|
|
||||||
|
- The ``nova.virt.libvirt.firewall.IptablesFirewallDriver`` firewall driver
|
||||||
is enabled
|
is enabled
|
||||||
- Security groups are disabled
|
- Security groups are disabled
|
||||||
- Neutron port filtering is disabled
|
- Neutron port filtering is disabled/unsupported
|
||||||
- An IPTables-compatible interface is used, e.g. hybrid mode, where the
|
- An IPTables-compatible interface is used, e.g. an OVS VIF in hybrid mode,
|
||||||
VIF is a tap device
|
where the VIF is a tap device connected to OVS with a bridge
|
||||||
|
|
||||||
When enabled, libvirt applies IPTables rules that provide MAC, IP, and
|
When enabled, libvirt applies IPTables rules to all interface ports that
|
||||||
ARP spoofing protection.
|
provide MAC, IP, and ARP spoofing protection.
|
||||||
|
|
||||||
Previously, setting the `allow_same_net_traffic` config option to `True`
|
Previously, setting the `allow_same_net_traffic` config option to `True`
|
||||||
allowed for same network traffic when using these port filters. This was
|
allowed for same network traffic when using these port filters. This was
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user