neutron

History

Jens Harbott 0fce3ca2c1 Secure dnsmasq process against external abuse Currently any dhcp agent instance will work as an open resolver. For deployments using publicly routed addresses for tenant networks, this allows the agent being abused in dDoS attacks, see [1]. By setting the `--local-service` option dnsmasq will filter DNS queries and reply only to queries from directly attached networks. [1] https://bugs.launchpad.net/neutron/+bug/1501206 Closes-Bug: 1501206 Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e	2018-11-28 15:49:25 -05:00
..
__init__.py	Remove run-time version checking for openvswitch features	2014-06-04 09:25:53 -05:00
checks.py	Secure dnsmasq process against external abuse	2018-11-28 15:49:25 -05:00

Jens Harbott 0fce3ca2c1 Secure dnsmasq process against external abuse

Currently any dhcp agent instance will work as an open resolver. For
deployments using publicly routed addresses for tenant networks, this
allows the agent being abused in dDoS attacks, see [1].

By setting the `--local-service` option dnsmasq will filter DNS queries
and reply only to queries from directly attached networks.

[1] https://bugs.launchpad.net/neutron/+bug/1501206

Closes-Bug: 1501206
Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e

2018-11-28 15:49:25 -05:00

__init__.py

Remove run-time version checking for openvswitch features

2014-06-04 09:25:53 -05:00

checks.py

Secure dnsmasq process against external abuse

2018-11-28 15:49:25 -05:00