| *** hoangcx has quit IRC | 01:55 | |
| *** hoangcx has joined #openstack-fwaas | 01:55 | |
| *** threestrands_ has joined #openstack-fwaas | 02:14 | |
| *** threestrands_ has quit IRC | 02:14 | |
| *** threestrands_ has joined #openstack-fwaas | 02:14 | |
| *** threestrands has quit IRC | 02:16 | |
| *** yamamoto has joined #openstack-fwaas | 03:28 | |
| *** reedip has joined #openstack-fwaas | 03:34 | |
| *** annp has joined #openstack-fwaas | 03:56 | |
| openstackgerrit | Cao Xuan Hoang proposed openstack/neutron-fwaas master: [log]: Add rpc stuff for logging https://review.openstack.org/530715 | 04:13 |
|---|---|---|
| openstackgerrit | Cao Xuan Hoang proposed openstack/neutron-fwaas master: [log]: Add rpc stuff for logging https://review.openstack.org/530715 | 04:42 |
| *** threestrands_ has quit IRC | 06:13 | |
| *** chandanc has joined #openstack-fwaas | 06:36 | |
| *** chandanc has quit IRC | 07:05 | |
| *** chandanc has joined #openstack-fwaas | 07:40 | |
| chandanc | xgerman_: does https://www.irccloud.com/pastebin/U9cW9o1H/ happen for even OVS based SG | 07:42 |
| *** chandanc has quit IRC | 08:01 | |
| *** chandanc has joined #openstack-fwaas | 08:02 | |
| *** chandanc has quit IRC | 08:09 | |
| *** chandanc has joined #openstack-fwaas | 08:57 | |
| *** chandanc_ has joined #openstack-fwaas | 09:04 | |
| *** chandanc has quit IRC | 09:06 | |
| *** chandanc_ is now known as chandanc | 09:06 | |
| *** hoangcx has quit IRC | 10:15 | |
| *** jafeha has quit IRC | 10:17 | |
| *** reedip has quit IRC | 10:39 | |
| *** chandanc has quit IRC | 10:48 | |
| *** reedip has joined #openstack-fwaas | 10:52 | |
| *** jafeha has joined #openstack-fwaas | 11:17 | |
| *** annp has quit IRC | 12:00 | |
| xgerman_ | Yes, that’s the scenario I tested | 15:14 |
| xgerman_ | co-exiatnce | 15:14 |
| *** jafeha has quit IRC | 15:37 | |
| *** jafeha has joined #openstack-fwaas | 15:39 | |
| *** yamamoto has quit IRC | 16:26 | |
| *** openstackstatus has quit IRC | 16:40 | |
| *** openstackstatus has joined #openstack-fwaas | 16:41 | |
| *** ChanServ sets mode: +v openstackstatus | 16:41 | |
| *** yamamoto has joined #openstack-fwaas | 16:50 | |
| *** jafeha__ has joined #openstack-fwaas | 17:14 | |
| *** jafeha has quit IRC | 17:16 | |
| *** chandanc has joined #openstack-fwaas | 17:18 | |
| chandanc | Hello xgerman_ : i think the issue is that we handle both allow and deny rules while sg handles only allow rules | 17:18 |
| chandanc | here is the part that differs for FWaaS v2 | 17:19 |
| chandanc | https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/drivers/linux/l2/openvswitch_firewall/firewall.py#L902 | 17:19 |
| chandanc | https://github.com/openstack/neutron/blob/master/neutron/agent/linux/openvswitch_firewall/firewall.py#L1078 | 17:19 |
| *** jafeha__ has quit IRC | 17:20 | |
| xgerman_ | yeah, this is what yushiro said. I think what we do is better because more explicit + I am not sure if you enable co-existance we should behave like SG until someone adds rules | 17:24 |
| chandanc | hmm, i agree we do better, :) | 17:27 |
| chandanc | we can disable handling deny if needed | 17:29 |
| chandanc | i think SG doesnot expect rules with deny action | 17:29 |
| *** yamamoto has quit IRC | 17:47 | |
| xgerman_ | this is a difficult topic since on the one hand we don’t want to break SG if you add FWaaS but also not change our behavior drastically when you run us stand-alone as opposed to co-existance + SG might behave wrong (I found at least 1 regression error in Pike+) | 17:50 |
| xgerman_ | ok, I made up my mind: we should be strict and people should fix their SG. Having implicit allows is dangerous for security | 17:59 |
| chandanc | xgerman_: i agree lets keep our behaviour | 18:02 |
| xgerman_ | we definitely need to give a talk/record a video/write doc | 18:02 |
| *** yamamoto has joined #openstack-fwaas | 18:03 | |
| chandanc | sure, we should have a demo recorded. i can take a shot | 18:04 |
| *** yamamoto has quit IRC | 18:07 | |
| xgerman_ | +1 | 18:10 |
| *** chandanc has quit IRC | 18:23 | |
| openstackgerrit | boden proposed openstack/neutron-fwaas master: use EGRESS_DIRECTION and INGRESS_DIRECTION from neutron-lib https://review.openstack.org/531467 | 18:46 |
| *** yamamoto has joined #openstack-fwaas | 18:48 | |
| *** yamamoto has quit IRC | 18:52 | |
| *** openstack has joined #openstack-fwaas | 21:15 | |
| *** ChanServ sets mode: +o openstack | 21:15 | |
| *** yamamoto has joined #openstack-fwaas | 22:04 | |
| *** lnicolas has quit IRC | 22:10 | |
| *** yamamoto has quit IRC | 22:17 | |
| *** vishwanathj_ has joined #openstack-fwaas | 22:21 | |
| *** vishwanathj has quit IRC | 22:59 | |
| *** vishwanathj has joined #openstack-fwaas | 23:31 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!