openstack
/
neutron
Code Issues Proposed changes
neutron/neutron/agent/linux
History
Dustin Lundquist fd5fd259a0 Iptables firewall prevent IP spoofed DHCP requests 
The DHCP rules in the fixed iptables firewall rules were too permissive.
They permitted any UDP traffic with a source port of 68 and destination
port of 67. Care must be taken since these rules return before the IP
spoofing prevention rules. This patch splits the fixed DHCP rules into
two, one for the discovery and request messages which take place before
the instance has bound an IP address and a second to permit DHCP
renewals.

Conflicts:
	neutron/tests/functional/agent/test_firewall.py

Change-Id: Ibc2b0fa80baf2ea8b01fa568cd1fe7a7e092e7a5
Partial-Bug: #1558658
(cherry picked from commit 6a93ee8ac1)
 		2016-04-08 11:24:03 -07:00
..
__init__.py Empty files should not contain copyright or license 2014-10-20 00:50:32 +00:00
async_process.py Keep reading stdout/stderr until after kill 2016-01-26 18:16:21 +00:00
bridge_lib.py Check tap bridge timestamps to detect local changes 2016-03-24 10:56:04 +01:00
daemon.py Correct unwatch_log to support python <= 2.7.5 2015-12-01 06:05:15 +00:00
dhcp.py Removes host file contents from DHCP agent logs 2016-03-22 16:13:30 +00:00
dibbler.py L3 agent changes and reference implementation for IPv6 PD 2015-08-25 08:44:13 +01:00
external_process.py Merge "Change log level from error to warning" into stable/liberty 2016-04-01 14:32:31 +00:00
interface.py Prevent binding IPv6 addresses to Neutron interfaces 2016-03-10 08:28:34 -06:00
ip_conntrack.py De-dup conntrack deletions before running them 2016-03-18 16:15:19 +00:00
ip_lib.py Prevent binding IPv6 addresses to Neutron interfaces 2016-03-10 08:28:34 -06:00
ip_link_support.py Migrate to oslo.log 2015-03-12 11:22:56 +01:00
ip_monitor.py Ignore possible suffix in iproute commands. 2015-12-16 14:26:34 +00:00
ipset_manager.py Execute ipset command using check_exit_code 2015-10-06 08:48:55 +00:00
iptables_comments.py Neutron to Drop Router Advts from VM ports 2015-04-24 03:42:07 +00:00
iptables_firewall.py Iptables firewall prevent IP spoofed DHCP requests 2016-04-08 11:24:03 -07:00
iptables_manager.py Use diffs for iptables restore instead of all rules 2015-12-09 15:55:17 +00:00
keepalived.py Remove obsolete keepalived PID files before start 2016-03-31 15:46:23 +02:00
ovsdb_monitor.py ovsdb monitor: get rid of custom _read_stdout/_read_stderr methods 2015-09-21 17:55:38 +02:00
pd.py Fix Prefix delegation router deletion key error 2015-08-27 17:44:50 -04:00
pd_driver.py L3 agent changes and reference implementation for IPv6 PD 2015-08-25 08:44:13 +01:00
polling.py Restructure agent code in preparation for decomp 2015-06-26 15:06:49 +00:00
ra.py Run radvd as root 2015-04-27 11:03:15 -04:00
utils.py Fixes 'ovs-agent cannot start on Windows because root_helper opt is not found' 2015-10-02 16:02:52 +00:00