17 lines
759 B
YAML
17 lines
759 B
YAML
![]() |
---
|
||
|
security:
|
||
|
- |
|
||
|
Fixes ``net.ipv4.ip_forward`` not to be enabled by Kolla Ansible
|
||
|
on the default network namespace.
|
||
|
It was enabled on hosts with Neutron L3 Agent (thus in most common
|
||
|
setups with OVS and/or Linux Bridge, but not OVN) and allowed,
|
||
|
unless users had extra iptables rules to avoid that, any traffic
|
||
|
to be accepted for forwarding (as long as it was routable and passed
|
||
|
other checks).
|
||
|
Users of existing setups are advised to re-evaluate whether they
|
||
|
need this sysctl enabled and disable if not necessary.
|
||
|
Kolla Ansible will simply no longer try to set this sysctl at all.
|
||
|
Neutron L3 Agent handles forwarding enablement per managed
|
||
|
namespace.
|
||
|
`LP#1945453 <https://launchpad.net/bugs/1945453>`__
|