)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":8833,"name":"Rabi Mishra","email":"ramishra@redhat.com","username":"rabi"},"change_message_id":"f58d3bc4b49385b96e40fa032bba8bcdfbe72f1f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"2d250988_faafc2af","updated":"2022-10-06 08:45:19.000000000","message":"https://docs.openstack.org/reno/latest/user/usage.html\n\nsecurity section is meant for security fixes and upgrade section if there is attention needed to any detail during upgrade. Anyway, we don\u0027t religiously follow the standard guidelines, so it\u0027s fine I guess.","commit_id":"f14174d353202a1942a4a64b2a0a4ca35dc0a438"},{"author":{"_account_id":28223,"name":"Cedric Jeanneret","display_name":"cjeanner (Tengu)","email":"cjeanner@redhat.com","username":"cjeanner"},"change_message_id":"82655c04b168588f1522afb1c6255cc4d8a7d3e1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"d1a32c3f_a16b4a81","in_reply_to":"2d250988_faafc2af","updated":"2022-10-06 09:25:01.000000000","message":"it\u0027s... kind of a fix? until now, only the NEW connections were dropped, and the overall layout was pretty terrible, with all in the \"main\" standard chains such as INPUT, OUTPUT, FORWARD and all :).","commit_id":"f14174d353202a1942a4a64b2a0a4ca35dc0a438"}],"releasenotes/notes/nftables-13caf0261a170667.yaml":[{"author":{"_account_id":8833,"name":"Rabi Mishra","email":"ramishra@redhat.com","username":"rabi"},"change_message_id":"4935b35038b7624bcd34cf4d987da535b8d5e9f2","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"security:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    TripleO is now configuring the firewall using nftables instead of iptables."},{"line_number":5,"context_line":"  - |"},{"line_number":6,"context_line":"    The firewall layout is now a bit different, since all of the TripleO managed rules are in"},{"line_number":7,"context_line":"    dedicated chains, such as TRIPLEO_INPUT. Jumps are added in the original chains."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"433e9790_3cc6b0c4","line":4,"range":{"start_line":4,"start_character":50,"end_line":4,"end_character":79},"updated":"2022-10-06 07:48:10.000000000","message":"Hmm..We\u0027re dropping it directly rather than deprecating and giving an option. Hope this won\u0027t impact external integrations in anyway.","commit_id":"f14174d353202a1942a4a64b2a0a4ca35dc0a438"},{"author":{"_account_id":28223,"name":"Cedric Jeanneret","display_name":"cjeanner (Tengu)","email":"cjeanner@redhat.com","username":"cjeanner"},"change_message_id":"54c8a41ce3823a5d3a54fe2e0f35316a6eb5eff3","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"security:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    TripleO is now configuring the firewall using nftables instead of iptables."},{"line_number":5,"context_line":"  - |"},{"line_number":6,"context_line":"    The firewall layout is now a bit different, since all of the TripleO managed rules are in"},{"line_number":7,"context_line":"    dedicated chains, such as TRIPLEO_INPUT. Jumps are added in the original chains."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"6787ecf7_8341d20e","line":4,"range":{"start_line":4,"start_character":50,"end_line":4,"end_character":79},"in_reply_to":"42191b77_bbe1c44b","updated":"2022-10-06 14:05:32.000000000","message":"Done","commit_id":"f14174d353202a1942a4a64b2a0a4ca35dc0a438"},{"author":{"_account_id":28223,"name":"Cedric Jeanneret","display_name":"cjeanner (Tengu)","email":"cjeanner@redhat.com","username":"cjeanner"},"change_message_id":"82655c04b168588f1522afb1c6255cc4d8a7d3e1","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"security:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    TripleO is now configuring the firewall using nftables instead of iptables."},{"line_number":5,"context_line":"  - |"},{"line_number":6,"context_line":"    The firewall layout is now a bit different, since all of the TripleO managed rules are in"},{"line_number":7,"context_line":"    dedicated chains, such as TRIPLEO_INPUT. Jumps are added in the original chains."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"42191b77_bbe1c44b","line":4,"range":{"start_line":4,"start_character":50,"end_line":4,"end_character":79},"in_reply_to":"433e9790_3cc6b0c4","updated":"2022-10-06 09:25:01.000000000","message":"as long as the firewall was 100% managed by tripleo, it will work. If ppl were inserting rules beforehand, it will create issues.","commit_id":"f14174d353202a1942a4a64b2a0a4ca35dc0a438"},{"author":{"_account_id":8833,"name":"Rabi Mishra","email":"ramishra@redhat.com","username":"rabi"},"change_message_id":"4935b35038b7624bcd34cf4d987da535b8d5e9f2","unresolved":true,"context_lines":[{"line_number":11,"context_line":"    dropped. This also mean rule ordering is less important."},{"line_number":12,"context_line":"upgrade:"},{"line_number":13,"context_line":"  - |"},{"line_number":14,"context_line":"    All firewall rules are implemented by nftables instead of iptables. This means we don\u0027t"},{"line_number":15,"context_line":"    need to edit anything anymore on the generated iptables/ip6tables files, and keep only the"},{"line_number":16,"context_line":"    cleaning of service and files in the upgrade tasks."},{"line_number":17,"context_line":"other:"},{"line_number":18,"context_line":"  - |"},{"line_number":19,"context_line":"    iptables cli cannot see nftables content we inject, since we\u0027re"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"bc41e451_6bbbc87c","line":16,"range":{"start_line":14,"start_character":0,"end_line":16,"end_character":55},"updated":"2022-10-06 07:48:10.000000000","message":"If this is internal and there is no upgrade impact, why\u0027re we talking about it in upgrade section?","commit_id":"f14174d353202a1942a4a64b2a0a4ca35dc0a438"},{"author":{"_account_id":28223,"name":"Cedric Jeanneret","display_name":"cjeanner (Tengu)","email":"cjeanner@redhat.com","username":"cjeanner"},"change_message_id":"54c8a41ce3823a5d3a54fe2e0f35316a6eb5eff3","unresolved":false,"context_lines":[{"line_number":11,"context_line":"    dropped. This also mean rule ordering is less important."},{"line_number":12,"context_line":"upgrade:"},{"line_number":13,"context_line":"  - |"},{"line_number":14,"context_line":"    All firewall rules are implemented by nftables instead of iptables. This means we don\u0027t"},{"line_number":15,"context_line":"    need to edit anything anymore on the generated iptables/ip6tables files, and keep only the"},{"line_number":16,"context_line":"    cleaning of service and files in the upgrade tasks."},{"line_number":17,"context_line":"other:"},{"line_number":18,"context_line":"  - |"},{"line_number":19,"context_line":"    iptables cli cannot see nftables content we inject, since we\u0027re"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"4c588084_5adea30a","line":16,"range":{"start_line":14,"start_character":0,"end_line":16,"end_character":55},"in_reply_to":"227f2fea_b255297b","updated":"2022-10-06 14:05:32.000000000","message":"Done","commit_id":"f14174d353202a1942a4a64b2a0a4ca35dc0a438"},{"author":{"_account_id":28223,"name":"Cedric Jeanneret","display_name":"cjeanner (Tengu)","email":"cjeanner@redhat.com","username":"cjeanner"},"change_message_id":"82655c04b168588f1522afb1c6255cc4d8a7d3e1","unresolved":true,"context_lines":[{"line_number":11,"context_line":"    dropped. This also mean rule ordering is less important."},{"line_number":12,"context_line":"upgrade:"},{"line_number":13,"context_line":"  - |"},{"line_number":14,"context_line":"    All firewall rules are implemented by nftables instead of iptables. This means we don\u0027t"},{"line_number":15,"context_line":"    need to edit anything anymore on the generated iptables/ip6tables files, and keep only the"},{"line_number":16,"context_line":"    cleaning of service and files in the upgrade tasks."},{"line_number":17,"context_line":"other:"},{"line_number":18,"context_line":"  - |"},{"line_number":19,"context_line":"    iptables cli cannot see nftables content we inject, since we\u0027re"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"227f2fea_b255297b","line":16,"range":{"start_line":14,"start_character":0,"end_line":16,"end_character":55},"in_reply_to":"bc41e451_6bbbc87c","updated":"2022-10-06 09:25:01.000000000","message":"it has an impact, some of the upgrade tasks were removed; this block here is intended for ppl that may have questions as to \"where\u0027s that ugly edit of the iptables save\" and so on.","commit_id":"f14174d353202a1942a4a64b2a0a4ca35dc0a438"}]}