neutron

History

Jens Harbott 72d9c3ccb3 Secure dnsmasq process against external abuse Currently any dhcp agent instance will work as an open resolver. For deployments using publicly routed addresses for tenant networks, this allows the agent being abused in dDoS attacks, see [1]. By setting the `--local-service` option dnsmasq will filter DNS queries and reply only to queries from directly attached networks. [1] https://bugs.launchpad.net/neutron/+bug/1501206 Conflicts: neutron/cmd/sanity_check.py Closes-Bug: 1501206 Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e (cherry picked from commit `0fce3ca2c1`)	2019-01-25 13:58:43 +00:00
..
notes	Secure dnsmasq process against external abuse	2019-01-25 13:58:43 +00:00
source	Do not use prelude section for individual release notes	2017-08-04 07:17:52 +00:00

Jens Harbott 72d9c3ccb3 Secure dnsmasq process against external abuse

Currently any dhcp agent instance will work as an open resolver. For
deployments using publicly routed addresses for tenant networks, this
allows the agent being abused in dDoS attacks, see [1].

By setting the `--local-service` option dnsmasq will filter DNS queries
and reply only to queries from directly attached networks.

[1] https://bugs.launchpad.net/neutron/+bug/1501206

Conflicts:
    neutron/cmd/sanity_check.py

Closes-Bug: 1501206
Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e
(cherry picked from commit 0fce3ca2c1)

2019-01-25 13:58:43 +00:00

notes Secure dnsmasq process against external abuse 2019-01-25 13:58:43 +00:00

source Do not use prelude section for individual release notes 2017-08-04 07:17:52 +00:00