vrf: if NAT is configured aftert creating a VRF instance, nftables conntrack mapping for VRF zones is not populated
Closed, InvalidPublicBUG
Actions

Assigned To

Authored By

	c-po
	Jul 26 2024, 7:23 AM

Description

There is a missing dependency from nat, nat66 and firewall for the VRF environment.

VRF probes during setup if NAT, NAT66 or a statefull firewall is configured and if so, it will install the nftables conntrack helper.

If the firewall is added later, the VRF code portion is not re-called and thus the nftables rule is not setup.

This task is invalid, as nat.py calls system_conntrack.py which has a back dependency on vry.py. So the dependency graph is fully operational

		Status	Subtype	Assigned	Task
		Resolved	BUG	c-po	T6603 vrf: nftables conntrack ct_iface_map contains multiple identical entries
		Invalid	BUG	c-po	T6609 vrf: if NAT is configured aftert creating a VRF instance, nftables conntrack mapping for VRF zones is not populated

c-po claimed this task.

Viacheslav triaged this task as Normal priority.Jul 26 2024, 7:33 AM

c-po closed this task as Invalid.Jul 26 2024, 7:54 AM

c-po lowered the priority of this task from Normal to Wishlist.

c-po updated the task description. (Show Details)