openstack
/
neutron
Code Issues Proposed changes
neutron/neutron/cmd
History
Jens Harbott 72d9c3ccb3 Secure dnsmasq process against external abuse 
Currently any dhcp agent instance will work as an open resolver. For
deployments using publicly routed addresses for tenant networks, this
allows the agent being abused in dDoS attacks, see [1].

By setting the `--local-service` option dnsmasq will filter DNS queries
and reply only to queries from directly attached networks.

[1] https://bugs.launchpad.net/neutron/+bug/1501206

Conflicts:
    neutron/cmd/sanity_check.py

Closes-Bug: 1501206
Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e
(cherry picked from commit 0fce3ca2c1)
 		2019-01-25 13:58:43 +00:00
..
eventlet use service type constants from neutron_lib plugins 2017-06-27 15:16:05 -06:00
sanity Secure dnsmasq process against external abuse 2019-01-25 13:58:43 +00:00
__init__.py Fix logging error for Guru Meditation Report 2016-02-08 16:52:17 -08:00
ipset_cleanup.py Make use of -w argument for iptables calls 2017-09-06 15:28:11 +00:00
keepalived_state_change.py Replace keepalived notifier bash script with Python ip monitor 2015-03-18 18:59:33 -04:00
linuxbridge_cleanup.py Make code follow log translation guideline 2017-08-14 10:53:33 -07:00
netns_cleanup.py Make code follow log translation guideline 2017-08-14 10:53:33 -07:00
ovs_cleanup.py More efficiently clean up OVS ports 2018-01-25 15:29:49 +00:00
pd_notify.py neutron-lib: use replace_file from neutron lib 2016-11-07 09:18:41 +00:00
runtime_checks.py Move dhcp_release6_supported to runtime checks file 2017-02-15 16:29:01 -06:00
sanity_check.py Secure dnsmasq process against external abuse 2019-01-25 13:58:43 +00:00