openstack/neutron
Code Issues Proposed changes
f599c15e33
neutron/neutron/agent
History
Jens Harbott f599c15e33 Secure dnsmasq process against external abuse 
Currently any dhcp agent instance will work as an open resolver. For
deployments using publicly routed addresses for tenant networks, this
allows the agent being abused in dDoS attacks, see [1].

By setting the `--local-service` option dnsmasq will filter DNS queries
and reply only to queries from directly attached networks.

[1] https://bugs.launchpad.net/neutron/+bug/1501206

Conflicts:
    neutron/cmd/sanity_check.py

Closes-Bug: 1501206
Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e
(cherry picked from commit 0fce3ca2c1)
2019-01-25 13:58:19 +00:00
..
common Fix neutron-openvswitch-agent Windows support 2018-11-23 17:13:42 +02:00
dhcp protect DHCP agent cache out of sync 2019-01-20 03:03:24 +00:00
l2 Clear residual qos rules after l2-agent restarts. 2019-01-24 06:43:01 +00:00
l3 [DVR] Allow multiple subnets per external network 2019-01-18 08:22:54 +00:00
linux Secure dnsmasq process against external abuse 2019-01-25 13:58:19 +00:00
metadata Merge "Allow Ipv6 addresses for nova_metadata_host" into stable/queens 2018-10-23 11:08:30 +00:00
ovsdb Merge "Fixes using SSL OVSDB connection" 2018-02-09 09:04:26 +00:00
windows Fix neutron-openvswitch-agent Windows support 2018-11-23 17:13:42 +02:00
__init__.py Empty files should not contain copyright or license 2014-10-20 00:50:32 +00:00
agent_extension.py Generalize agent extension mechanism 2016-07-19 13:45:22 +00:00
agent_extensions_manager.py Make code follow log translation guideline 2017-08-14 02:01:48 +00:00
dhcp_agent.py Change ip_lib network namespace code to use pyroute2 2017-10-04 21:09:28 +00:00
firewall.py consume load_class_by_alias_or_classname from neutron-lib 2017-10-21 06:01:15 -06:00
l3_agent.py Refactoring agent linux&ovsdb config 2017-08-25 10:41:39 -04:00
metadata_agent.py Remove deprecated cache_url 2017-11-10 00:47:19 -05:00
resource_cache.py Merge "Fix race condition with enabling SG on many ports at once" 2018-01-27 10:36:37 +00:00
rpc.py remove neutron.callbacks package 2018-01-16 09:32:32 -07:00
securitygroups_rpc.py Iptables firewall driver adds forward rules for trusted ports 2018-03-25 09:56:10 +00:00