---
security:
  - |
    Fixes ``net.ipv4.ip_forward`` not to be enabled by Kolla Ansible
    on the default network namespace.
    It was enabled on hosts with Neutron L3 Agent (thus in most common
    setups with OVS and/or Linux Bridge, but not OVN) and allowed,
    unless users had extra iptables rules to avoid that, any traffic
    to be accepted for forwarding (as long as it was routable and passed
    other checks).
    Users of existing setups are advised to re-evaluate whether they
    need this sysctl enabled and disable if not necessary.
    Kolla Ansible will simply no longer try to set this sysctl at all.
    Neutron L3 Agent handles forwarding enablement per managed
    namespace.
    `LP#1945453 <https://launchpad.net/bugs/1945453>`__