Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: rhos-17.1.8
Affects Version/s: None
Component/s: tripleo-ansible
Labels:
None

Story Points:
8
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Docs Approval:
?
Fixed in Build:
tripleo-ansible-3.3.1-17.1.20250702110757.8debef3.el9ost
AssignedTeam:
rhos-ops-day1day2-edpm
Regression:
None
Intelligence Requested:
Market:
Errata Link:
https://errata.engineering.redhat.com/advisory/152458

Sprint:
EDPM Sprint 3
sprint_count:
1
Severity:
Important

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Since nftables switch, input policy is ACCEPT instead of DROP up until nftables service is reloaded or server is rebooted.

This is the difference between nft list ruleset before and after restarting nftables.

@@ -1,6 +1,6 @@
 table inet filter {
        chain INPUT {
-               type filter hook input priority filter; policy accept;
+               type filter hook input priority filter; policy drop;
                jump TRIPLEO_INPUT
         }

RHOSP17.1.4

is cloned by

OSPRH-15473 Since nftables switch, input policy is ACCEPT instead of DROP up until nftables services is reloaded or server is rebooted

Closed

is triggering

OSPRH-17100 FFU 16.2 to 17.1 undercloud upgrade failed tripleo_nftables due to invalid name on register

Closed

links to

RHBA-2025:152458 Red Hat OpenStack Platform 17.1 bug fix and enhancement advisory

mentioned on

Merge request - Remove all readale permissions for rndc key related files

Assignee:: James Slagle

Reporter:: Dave Hill

Team:: rhos-dfg-df

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2025/03/27 1:44 PM

Updated:: 2025/09/13 5:17 PM

Resolved:: 2025/08/13 12:11 AM