9ab5159d2d
Before that patch it was possible to send ICMPv6 packets like e.g.
neutron_lib.constants.ICMPV6_TYPE_MLD_QUERY,
neutron_lib.constants.ICMPV6_TYPE_RS,
neutron_lib.constants.ICMPV6_TYPE_NS,
neutron_lib.constants.ICMPV6_TYPE_NA
And that could cause some security issues as instance could advertise
that it owns IPv6 address which really don't belong to it.
Now rules in table=71 which allows that traffic are "per mac/ipaddress"
and are allowed only for fixed ips allocated to port and port's
allowed_address_pairs.
Conflicts:
neutron/agent/linux/openvswitch_firewall/firewall.py
neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
Closes-Bug: #1902917
Change-Id: I4749fdc6a6cabd253b971bf4010ff76f5593c59c
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| _static | ||
| admin | ||
| cli | ||
| configuration | ||
| contributor | ||
| ext | ||
| feature_classification | ||
| install | ||
| conf.py | ||
| index.rst | ||