Merge "Add note on iptables cleanup after OVS firewall migration"

2024-04-06 00:26:51 +00:00 · 2024-04-06 00:26:51 +00:00 · 8d0c4b92fc
parent 59bee68b1d 46245c0154
commit 8d0c4b92fc
1 changed files with 8 additions and 0 deletions
--- a/doc/source/contributor/internals/openvswitch_firewall.rst
+++ b/doc/source/contributor/internals/openvswitch_firewall.rst
@ -587,6 +587,14 @@ use the OVS firewall, and instances from other nodes can be live-migrated to
 it. Once the first node is evacuated, its firewall driver can be then be
 switched to the OVS driver.

+4) Once migration is complete, stale iptables rules should be cleaned-up on
+all nodes where the firewall driver was changed. They can be found by
+searching for the string 'neutron', for example:
+
+.. code-block:: bash
+
+    sudo iptables -S | grep neutron
+
 .. note::

  During upgrading to openvswitch firewall, the security rules