-
Bug
-
Resolution: Done
-
Critical
-
None
-
4.11.z
-
None
-
Critical
-
None
-
SDN Sprint 229, SDN Sprint 230, SDN Sprint 231
-
3
-
Rejected
-
False
-
Description of problem:
Follow-up of: https://issues.redhat.com/browse/SDN-2988
This failure is perma-failing in the e2e-metal-ipi-ovn-dualstack-local-gateway jobs.
Example: https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-nightly-4.13-e2e-metal-ipi-ovn-dualstack-local-gateway/1597574181430497280
Search CI: https://search.ci.openshift.org/?search=when+using+openshift+ovn-kubernetes+should+ensure+egressfirewall+is+created&maxAge=336h&context=1&type=junit&name=e2e-metal-ipi-ovn-dualstack-local-gateway&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job
Sippy: https://sippy.dptools.openshift.org/sippy-ng/jobs/4.13/analysis?filters=%7B%22items%22%3A%5B%7B%22columnField%22%3A%22name%22%2C%22operatorValue%22%3A%22equals%22%2C%22value%22%3A%22periodic-ci-openshift-release-master-nightly-4.13-e2e-metal-ipi-ovn-dualstack-local-gateway%22%7D%5D%7D
Version-Release number of selected component (if applicable):
4.12,4.13
How reproducible:
Every time
Steps to Reproduce:
1. Setup dualstack KinD cluster 2. Create egress fw policy with spec Spec: Egress: To: Cidr Selector: 0.0.0.0/0 Type: Deny 3. create a pod and ping to 1.1.1.1
Actual results:
Egress policy does not block flows to external IP
Expected results:
Egress policy blocks flows to external IP
Additional info:
It seems mixing ip4 and ip6 operands in ACL matchs doesnt work
- clones
-
OCPBUGS-6823 [release-4.12] Egress FW ACL rules are invalid in dualstack mode
- Closed
- depends on
-
OCPBUGS-6823 [release-4.12] Egress FW ACL rules are invalid in dualstack mode
- Closed
- is cloned by
-
OCPBUGS-7012 [release-4.10] Egress FW ACL rules are invalid in dualstack mode
- Closed
- is depended on by
-
OCPBUGS-7012 [release-4.10] Egress FW ACL rules are invalid in dualstack mode
- Closed
- links to