Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove tcp source port 179 rule due to caclmgrd's change #5186

Merged
merged 1 commit into from
Feb 22, 2022
Merged

Remove tcp source port 179 rule due to caclmgrd's change #5186

merged 1 commit into from
Feb 22, 2022

Conversation

ZhaohuiS
Copy link
Contributor

Description of PR

Summary:
Fixes # (issue)
caclmgrd has been changed in PR:
sonic-net/sonic-buildimage#9827

It removed the rules for tcp source port 179 for security.
We have to remove these expected rules for tcp source port 179 in function generate_expected_rules() as well.

Signed-off-by: Zhaohui Sun [email protected]

Type of change

  • Bug fix
  • Testbed and Framework(new/improvement)
  • Test case(new/improvement)

Back port request

  • 201911

Approach

What is the motivation for this PR?

caclmgrd has changed recently, it blocked sonic-mgmt PR testing.

How did you do it?

Remove the expected rules below in function generate_expected_rules() a.
iptables_rules.append("-A INPUT -p tcp -m tcp --sport 179 -j ACCEPT")
ip6tables_rules.append("-A INPUT -p tcp -m tcp --sport 179 -j ACCEPT")

How did you verify/test it?

run tests/cacl/test_cacl_application.py::test_cacl_application

Any platform specific information?

Supported testbed topology if it's a new test case?

Documentation

@ZhaohuiS ZhaohuiS requested a review from a team as a code owner February 21, 2022 02:53
@ZhaohuiS ZhaohuiS requested a review from wangxin February 21, 2022 02:54
@ZhaohuiS
Copy link
Contributor Author

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@ZhaohuiS
Copy link
Contributor Author

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@ZhaohuiS
Copy link
Contributor Author

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@ZhaohuiS ZhaohuiS merged commit 4f64420 into sonic-net:master Feb 22, 2022
@ZhaohuiS ZhaohuiS mentioned this pull request Feb 23, 2022
Merged
4 tasks
ZhaohuiS added a commit that referenced this pull request Feb 23, 2022
@ZhaohuiS
Add sport 179 rules back for other versions (#5203)
1632556 
What is the motivation for this PR?
Try to avoid nightly cacl test failure introduced by #5186.

How did you do it?
Add a os version checker before add sport 179 rules.

How did you verify/test it?
run tests/test_cacl_application.py::test_cacl_application

Signed-off-by: Zhaohui Sun <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wangxin wangxin wangxin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ZhaohuiS @wangxin