dbe7ba1868
The flow rules to match on ARP headers for spoofing prevention fail to install when an IPv6 address is used. These should be skipped since the ARP spoofing prevention doesn't apply to IPv6. Co-authored-by: Kevin Benton <blak111@gmail.com> Closes-Bug: #1449363 Change-Id: I4bb3135e62378c5c96d1ac0b646336ac9a637bde
21 lines
714 B
XML
21 lines
714 B
XML
# neutron-rootwrap command filters to support functional testing. It
|
|
# is NOT intended to be used outside of a test environment.
|
|
#
|
|
# This file should be owned by (and only-writeable by) the root user
|
|
|
|
[Filters]
|
|
# enable ping from namespace
|
|
ping_filter: CommandFilter, ping, root
|
|
ping6_filter: CommandFilter, ping6, root
|
|
|
|
# enable curl from namespace
|
|
curl_filter: CommandFilter, curl, root
|
|
tee_filter: CommandFilter, tee, root
|
|
tee_kill: KillFilter, root, tee, -9
|
|
nc_filter: CommandFilter, nc, root
|
|
# netcat has different binaries depending on linux distribution
|
|
nc_kill: KillFilter, root, nc, -9
|
|
ncbsd_kill: KillFilter, root, nc.openbsd, -9
|
|
ncat_kill: KillFilter, root, ncat, -9
|
|
ss_filter: CommandFilter, ss, root
|