Slawek Kaplonski 7b1f0dd1ae [OVS FW] Allow egress ICMPv6 only for know addresses ... Before that patch it was possible to send ICMPv6 packets like e.g. neutron_lib.constants.ICMPV6_TYPE_MLD_QUERY, neutron_lib.constants.ICMPV6_TYPE_RS, neutron_lib.constants.ICMPV6_TYPE_NS, neutron_lib.constants.ICMPV6_TYPE_NA And that could cause some security issues as instance could advertise that it owns IPv6 address which really don't belong to it. Now rules in table=71 which allows that traffic are "per mac/ipaddress" and are allowed only for fixed ips allocated to port and port's allowed_address_pairs. Conflicts: neutron/agent/linux/openvswitch_firewall/firewall.py neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py Closes-Bug: #1902917 Change-Id: I4749fdc6a6cabd253b971bf4010ff76f5593c59c (cherry picked from commit 4b5bcff64c)		2021-02-27 21:17:05 +01:00
..
source	[OVS FW] Allow egress ICMPv6 only for know addresses	2021-02-27 21:17:05 +01:00
Makefile	Merge from launchpad quantum/diablo branch:	2011-09-23 20:17:44 -07:00