Add note on iptables cleanup after OVS firewall migration

Add an item to the instructions on iptables to OVS
firewall migration that the admin should clean up
any stale iptables rules after completion. It is
out of scope of our documents on how exactly an
administrator might do that.

Closes-bug: #1864374
Change-Id: Ie1bf6b82e57a00f61640a131a29d897a9cde4629
Brian Haley 2024-03-07 14:00:21 -05:00
parent 63d6079d1c
commit 46245c0154
1 changed files with 8 additions and 0 deletions

@ -587,6 +587,14 @@ use the OVS firewall, and instances from other nodes can be live-migrated to
it. Once the first node is evacuated, its firewall driver can be then be
switched to the OVS driver.
4) Once migration is complete, stale iptables rules should be cleaned-up on
all nodes where the firewall driver was changed. They can be found by
searching for the string 'neutron', for example:
.. code-block:: bash
sudo iptables -S | grep neutron
.. note::
During upgrading to openvswitch firewall, the security rules
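Review bot: The example `sudo iptables -S | grep neutron` in the new step 4 only prints the IPv4 filter table, because `iptables -S` without `-t` defaults to that table, so stale rules in other tables or in ip6tables would not show up. Consider showing `sudo iptables-save | grep neutron` and `sudo ip6tables-save | grep neutron` instead, or stating that each table and both address families need to be checked. The step also says the rules "should be cleaned-up" without saying that the removal procedure is left to the operator, which only the commit message states; a short sentence to that effect would set expectations, and "cleaned-up" should read "cleaned up".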