274fcbfce2
Before that patch it was possible to send ICMPv6 packets like e.g.
neutron_lib.constants.ICMPV6_TYPE_MLD_QUERY,
neutron_lib.constants.ICMPV6_TYPE_RS,
neutron_lib.constants.ICMPV6_TYPE_NS,
neutron_lib.constants.ICMPV6_TYPE_NA
And that could cause some security issues as instance could advertise
that it owns IPv6 address which really don't belong to it.
Now rules in table=71 which allows that traffic are "per mac/ipaddress"
and are allowed only for fixed ips allocated to port and port's
allowed_address_pairs.
Closes-Bug: #1902917
Change-Id: I4749fdc6a6cabd253b971bf4010ff76f5593c59c
(cherry picked from commit
|
||
---|---|---|
.. | ||
dashboards | ||
internals | ||
policies | ||
stadium | ||
testing | ||
alembic_migrations.rst | ||
client_command_extensions.rst | ||
contribute.rst | ||
development_environment.rst | ||
effective_neutron.rst | ||
index.rst | ||
modules.rst | ||
neutron_api.rst | ||
upgrade_checks.rst |